Like the system's security and data security, keeping a sound knowledge about different wireless security measures is also essential for security professionals. It is because different wireless security mechanisms have a different level of strength and capabilities.
There are automated wireless hacking tools available that have made cybercriminals more powerful. List of some of these tools are:
- AirCrack.
- AirSnort.
- Cain & Able.
- Wireshark.
- NetStumbler etc.
Different hacking techniques include remote accessing, shoulder surfing, wireless router's dashboard accessing, and brute-forcing attack that are used to penetrate wireless security. In this chapter, you will learn about the different security postures that exist in the wireless domain.
What is Wireless Security?
Wireless security revolves around the concept of securing the wireless network from malicious attempts and unauthorized access.
- Hardware-based: where routers and switches are fabricated with encryption measures protects all wireless communication. So, in this case, even if the data gets compromised by the cybercriminal, they will not be able to decrypt the data or view the traffic's content.
- Wireless setup of IDS and IPS: helps in detecting, alerting, and preventing wireless networks and sends an alarm to the network administrator in case of any security breach.
- Wireless security algorithms: such as WEP, WPA, WPA2, and WPA3. These are discussed in the subsequent paragraphs.
Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP) is the oldest security algorithm of 1999. It uses the initialization vector (IV) method. The first versions of the WEP algorithm were not predominantly strong enough, even when it got released. But the reason for this weak release was because of U.S. limits on exporting different cryptographic technologies, which led the manufacturing companies to restrict their devices to 64-bit encryption only. As the limitation was withdrawn, the 128 bit and 256 bit WEP encryption were developed and came into the wireless security market, though 128 became standard.
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA) was the next Wi-Fi Alliance's project that replaced the WEP standard's increasingly noticeable vulnerabilities. WPA was officially adopted in the year 2003, one year before the retirement of WEP. WPA's most common configuration is with WPA-PSK, which is abbreviated as Pre-Shared Key. WPA uses 256-bit, which was a considerable enhancement above the 64-bit as well as 128-bit keys.
Wi-Fi Protected Access II (WPA2)
Wi-Fi Protected Access II (WPA2) became official in the year 2006 after WPA got outdated. It uses the AES algorithms as a necessary encryption component as well as uses CCMP (Counter Cipher Mode - Block Chaining Message Authentication Protocol) by replacing TKIP.
Wi-Fi Protected Access 3 (WPA3)
Wi-Fi Protected Access 3 (WPA3) is the latest and the third iteration of this family developed under Wi-Fi Alliance. It has personal and enterprise security-support features and uses 384-bit Hashed Message Authentication Mode, 256-bit Galois / Counter Mode Protocol (GCMP-256) well as Broadcast/Multicast Integrity Protocol of 256-bit. WPA3 also provides perfect forward secrecy mechanism support.
