Wireless networks are becoming more common in businesses and homes. Most mobile devices now come with a wireless network associated with the device’s brand or carrier. There are also public hotspots at restaurants, coffee shops, and airports to name a few. This makes it easier for us to catch up on work or with friends online.
However, no matter how convenient wireless networks might be they can present a security risk. Data can be stolen resulting in penalties. Here are some of the risks organizations and individuals need to be aware of.
Wireless Network Security Risks
Security can be a problem with wireless networks since the data is sent “over the air.” Wireless networks use the same technology to send and receive data as a radio transmission. This can make it easy for hackers and thieves to get inside your network, even if it is password enabled.
There are also technical issues that can interfere with the wireless network’s performance.
- Interference can be a problem if several employees in the building are using wireless networks. Wired networks can also interfere with a wireless signal. While rare, the interference can result in the loss of communication capabilities over the wireless network.
- Coverage with wireless networks isn’t always as broad as you might need, especially if the building has a reinforced steel structure. This can cause “black spots”. These are areas where a wireless signal is not available.
- Transmission speeds can be slower if the organization has a large wireless network. To prevent this, many companies also use a wired or fiber-optic network as a “backbone”.
Even though there are security risks and disadvantages with a wireless network, there are advantages that make it worth a company’s time and money to install one or allow employees to use their own.
- Efficiency can increase between businesses, employees, and customers. Employees in the field can quickly check available stock, prices, or order status when they are out with customers.
- Employers and employees are constantly in touch, even when one or both are working remotely.
- Wireless networks do allow for more flexibility. This is beneficial if you have remote employees or some that are often out in the field. Instead of having to access the data from a stationary company desktop computer, all the information needed is at the employee’s fingertips.
The main disadvantage of wireless networks is the lack of security. However, there are protocols you can take that can improve security and protect your data from hackers and thieves.
Security Protocols for Wireless Networks
There are three main types of wireless security protocols, and there are differences. Choosing the right level of encryption should be the first thing you do when you’re setting up a wireless network. Before you make a decision, you need to be familiar with the different security protocols.
Wired Equivalent Privacy (WEP)
WEP was developed by the Wi-Fi Alliance in the late 1990s. It was the first encryption algorithm developed for the 802.11 standard, and it had one primary goal – to prevent hackers from accessing any data that was transmitted. Unfortunately, by 2001, cybersecurity experts had found several flaws in the algorithm’s security.
This led to cybersecurity experts recommending that consumers and organizations phase out WEP from their devices. In 2009, it became apparent that WEP was not as effective as developers had stated when the massive cyberattack against TJ. Maxx was launched. The data breached comprised customers’ credit card accounts and cost the retailer $9.75 million in legal expenses.
To authenticate users, WEP uses the Rivest Cipher 4 (RC4). The original model used a 40-bit encryption key, though it has been upgraded to a 104-bit key that is manually entered by the administrator. The key is used with a 24-bit IV (Initialization Vector) that helps to strengthen the password/encryption. The problem that often occurs is that due to the IV’s small size, administrators are likely to use the same keys. This makes the encryption easier to hack.
WEP might have been the original algorithm for wireless networks, but over time it has shown that it is vulnerable to cyberattacks. This is why other security protocols have been developed since the issues with WEP were discovered.
Wi-Fi Protected Access (WPA)
Once the flaws were discovered, and made public, in WEP the process to create a new wireless protocol was started. However, it takes time to write a replacement. To ensure that wireless network users still had protection, the Wi-Fi Alliance released WPA as a temporary replacement in 2003. This gave the Institute of Electrical and Electronics Engineers Inc. (IEEE) time to create a viable replacement for WEP.
Even though WPA is considered an interim security algorithm, it is an improvement over WEP. It has discrete modes for personal and business use for improved security. In personal mode, preshared keys are used to make it easier to implement and manage the network among employees and consumers. Business or enterprise mode requires an administrator to authenticate a device before it can access the network. This allows larger companies to have more control over who has access to the data.
WPA is based on the RC4 cipher like its predecessor WEP, only it uses TKIP (temporal key integrity protocol) to boost wireless security. This includes,
- Using 256-bit keys to reduce keys being reused
- Generating a unique key for a packet by key mixing per packet
- Automatically broadcasting updated keys and usage
- Integrity checks of the system
- IV size increased to 48 bits
Since WPA was designed to be compatible with WEP, IT professionals found that they could easily update to the interim security protocol for their wireless network. All they needed was a simple firmware update. While switching protocols was simple this also created potential security risks since it was not as comprehensive as developers and users hoped it would be.
Wi-Fi Protected Access 2 (WPA2)
The replacement for the interim WPA, the IEEE released WPA2 in 2004. There are still some security vulnerabilities with WPA2, but it is still considered one of the most secure wireless network protocols available for personal and business use.
While like WPA, it also offers users personal and enterprise/business modes. WPA2 also has several security improvements. These include,
- Replacing TKIP and the RC4 cipher with stronger authentication and encryption mechanisms – CCMP (Cipher Block Chaining Message Authentication Code Protocol) and AES (Advanced Encryption Standard). If your device cannot support CCMP, the security algorithm is still compatible with TKIP. This helps to ensure that WPA2 is compatible with all devices and wireless networks.
- AES was originally developed by the United States government to protect classified data from foreign and domestic hackers. It uses three symmetric block ciphers with each one encrypting and decrypting incoming and outgoing data using 128, 192, and 256-bit keys. This security protocol for wireless networks does use more power but technical improvements have lessened any concerns about performance.
- CCMP prevents everyone except for authorized users to receive data by using cipher block chaining. This helps to ensure the integrity of the message.
WPA2 also allows for more seamless roaming from one access point to another without having to re-authenticate user access. This can improve productivity and client relations. Data can be transferred seamlessly, without having to take extra authentication steps.
After reviewing the three security protocols for wireless networks, WPA2 is a welcome replacement for WEP and the temporary algorithm WPA. Knowing which protocol provides the best wireless security is helpful, but so is knowing exactly how it works. If you know how threats are being blocked, you’ll be better equipped at recognizing any issues that might get through.
How Security Protocols for Wi-Fi Work
Wireless security protocols basically encrypt data from senders until the message reaches the receiver. A common analogy to explain the process in layman’s terms is to imagine two people meeting in a crowded room, exchanging a codeword and creating a secret handshake that signals a message received from one or the other is to be trusted.
Instead of using secret handshakes and coded messages, the wireless security protocol uses encryption keys. With a possible 340 trillion key combinations, it is almost impossible for hackers to enter the system and get access to the data. While this does sound like an impenetrable security system, there are some vulnerabilities.
Are Wireless Security Protocols Vulnerable to Hackers?
When WPA2 was created to replace WEP and WAP, it was thought that this security protocol was almost impossible for hackers to crack. With its larger IV size to prevent key reuse and other improvements, companies and individuals began to believe that their wireless networks were safe.
In 2017, this changed when a vulnerability in the protocol was discovered. Hackers could take advantage of a system weakness by posing as an access point. This would allow them to access the data and this breach is known as a Key Reinstallation Attack (KRACK). This vulnerability did cause concern with wireless network uses, and patches were created to prevent data from being stolen.
The only problem with this remedy is that not everyone may have gotten the patches installed in time or even be aware that their wireless network might be at risk. This particularly applies to public wi-fi hotspots and companies with older networks. To understand how wireless security protocols can be vulnerable, it’s helpful to know how encryption codes work.
The various security protocols for wireless networks use different methods to encrypt messages. Understanding encryption on how it works will help you decide which protocol will protect your data:
WEP: As previously mentioned, WEP has the weakest security since it uses radio waves to transmit messages. This already makes it easy for hackers to steal the information as it travels. It will still be encrypted when it reaches an unauthorized party, but WEP uses the same encryption key for all messages making it easy for hackers to crack. There is software available that can crack WEP encryption in minutes.
WPA: This interim security protocol uses TKIP (temporal key integrity protocol) for wireless protection. It is an improvement over WEP since it resolved two problems associated with the old protocol. The key length is increased and a unique 48-bit number is assigned to each message. This makes it more difficult for hackers to break the encryption code. While TKIP did fix some of the security issues with WEP, it was still vulnerable since it was only created to be a temporary patch.
WPA2: The replacement for WEP and WPA, this security protocol is compatible with TKIP and the stronger AES encryption. Older computer systems might not be compatible with AES, so TKIP can be back-ended for encryption. The main security issue with TKIP is that any authorized computer can access messages. This includes entities that are not the intended receivers. AES ( advanced encryption standard) uses symmetric block ciphers to send each message with a unique key. This eliminates the patterns hackers look for when trying to break an encrypted message.
Keeping Your Wireless Networks Safe
If you want to protect your data at work, home, or a remote location, you need to have security protocols for the wireless networks in place. The most effective is WPA2, though even it can be vulnerable. Even though there is always the risk of data being stolen from a wireless network, it is hard to ignore the advantages of having one.
The main advantages being that employees are often more productive, customer relations improve, and workers out in the field still have access to all the information they need to complete their jobs. These are things you can’t always do with a wired network.
RSI Security is here to answer any questions you have about the different types of wireless security protocols, and to give advice about which one is best for you.