Are you a building owner or manager looking to upgrade your security protocols?
Wireless internet has become ubiquitous, and building managers are increasingly relying on wireless control systems to protect their facilities.
That’s because wireless access control systems not only provide a seamless experience for workers or renters living in a building, they’re also the most effective way to prevent unwanted individuals from connecting to your wireless network and encrypting your data.
But even though wireless security (or WiFi security) is designed to ensure that only authorized users can access your data, if you aren’t careful, highly skilled and resourceful hackers could still hijack and take control of wireless networks. That’s why you need to protect your network by choosing the proper level of wireless security.
And to help you choose the right encryption protocol for your building, we’ve explained the four different common types of wireless security below.
Wired Equivalent Privacy (WEP)
The first wireless security protocol we will tackle is WEP (Wired Equivalent Privacy). WEP was developed and approved as a WiFi security standard in 1999. As such, it was the first security protocol ever used for wireless networks.
Now, WEP was initially designed to supply the same security level to wireless and wired networks. Unfortunately, after some time, it turned out that the 64-bit encryption key that WEP used to protect wireless networks wasn’t secure and exposed networks to hackers.
Despite the introduction of a stronger 256-bit encryption key, security flaws remained, and as computing power increased, the WEP system became highly vulnerable.
The Wi-Fi Alliance officially abandoned WEP in 2004 and it’s recommended that systems still relying on WEP be upgraded or replaced as soon as possible.
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access was developed to solve the issues raised with WEP and was made available to users in 2003, one year before the WEP system was retired.
Note that it was only ever intended as an intermediate measure ahead of the more secure and complex WPA2, which became available in 2004.
WPA is a superior system because it uses a much stronger encryption method called TKIP or Temporal Key Integrity Protocol. But how does that work exactly?
With a TKIP encryption protocol, the encryption keys are encrypted themselves and are always changing. And this, in turn, ensures data integrity.
Unfortunately, the WPA security protocol was created so that it could be rolled out through firmware upgrades on WEP-enabled devices. And as such, it also displayed security flaws and exposed users’ wireless networks to hackers.
Wi-Fi Protected Access Version 2 (WPA2)
This leads us to the introduction of the WPA2 security protocol. As mentioned, WPA2 was developed to enhance wireless security over WPA.
To do so, the WPA2 security standard for wireless networks was built on a stronger encryption method called AES, which stands for Advanced Encryption Standard. It is a symmetric encryption algorithm, meaning the same key is used for both the encryption of plain text and the decryption of ciphertext.
This encryption method is strong enough to resist wireless network attacks. So much so that the U.S. Government uses an AES encryption algorithm to encrypt sensitive government data and protect classified information.
WPA2 became the industry standard in 2004, and in 2006, the Wi-Fi Alliance stipulated that all future devices with the Wi-Fi Certified trademark had to use the WPA2 security certification program.
Unfortunately, the WPA2 standard also showed flaws and vulnerabilities. For instance, research has shown that a hacker located within range of a specific WiFi network can carry out a key reinstallation attack (also known as KRACK) and access encrypted data.
WPA2 is therefore insecure, although much more secure than older WiFi security standards like WEP or WPA.
Wi-Fi Protected Access Version 3 (WPA3)
WPA3 is the latest generation of WiFi security. It was introduced by the Wi-Fi Alliance as the new industry standard in 2018 and was designed to tremendously enhance protection against brute-force attacks for network passwords.
WPA3 uses 128-bit encryption just like WPA2, but instead of increasing the encryption strength, WPA3 focuses on additional ways to protect users against attacks. For instance, if a network has a weak password, WPA3 will provide a second line of defense.
WPA3 uses the Simultaneous Authentication of Equals (SAE) handshake, which is designed to protect networks against dictionary attacks. With the older WPA2 standard, hackers could intercept an encrypted wireless data stream and try to brute force it using many different passwords until one worked.
That’s because WPA2 allows attackers to use an offline dictionary attack to try and crack your password as many times as they want. And to do so, they don’t even need to be interacting with your network which makes it vulnerable.
With SAE, hackers have to be interacting with your network and only get one chance to crack your password. If they want to try once again, they’ll need to be on the same network again and will only get one guess.
All these steps make it much more time-consuming for hackers to carry out a brute-force attack and crack your password (even if it’s a weak one).
Note that there are three main variations of the WPA3 standard:
- WPA3-Personal: this standard was designed for individuals using their home WiFi and uses an arbitrary password.
- WPA3-Enterprise: this standard uses a minimum 128-bit encryption key, an authentication server in place of a password and Protected Management Frames to prevent evil twin attacks or disconnect attacks.
- WPA3-Enterprise with 192-bit Mode: this standard is similar to WPA3-Enterprise but it provides users with the option to use a minimum 192-bit encryption key.
The best way to protect your wireless network is to use the latest security protocol. As technological advancements continue and computing power increases, new protocols will most likely continue to be implemented to solve older standards’ flaws.
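To see where a building stands today, here is an added example (not part of the original article): a short Python audit that rates each network by the weakest of the four protocol generations above that it still accepts. It assumes scan output from `nmcli -t -f SSID,SECURITY device wifi list`; the SSIDs and sample lines are constructed, and rating mixed-mode networks by their weakest mode is this example's own choice.

```python
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}
ADVICE = {
    "OPEN": "no encryption: enable WPA2 or WPA3",
    "WEP": "abandoned in 2004: upgrade or replace as soon as possible",
    "WPA": "interim TKIP-era standard: move to WPA2 or WPA3",
    "WPA2": "known flaws (KRACK): keep firmware patched, plan for WPA3",
    "WPA3": "latest generation",
}

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
SAMPLE_SCAN = r"""Lobby-Guest:
Boiler-Room:WEP
Tenant-Legacy:WPA1 WPA2
Office\:Floor2:WPA2
Mgmt-Suite:WPA2 WPA3
Access-Control:WPA3
"""

def split_terse(line):
    """Split a terse nmcli line on ':'; a backslash escapes the next character."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def weakest_mode(security):
    """A mixed-mode network is only as strong as the weakest protocol it accepts."""
    tokens = security.replace("WPA1", "WPA").split()
    if not tokens or tokens == ["--"]:
        return "OPEN"
    modes = [t for t in tokens if t in RANK]
    return min(modes, key=RANK.get) if modes else "UNKNOWN"

def audit(scan_text):
    """Return (ssid, weakest mode, advice) tuples, weakest networks first."""
    rows = [(split_terse(l) + [""])[:2] for l in scan_text.splitlines() if l.strip()]
    found = [(ssid, weakest_mode(sec)) for ssid, sec in rows]
    found.sort(key=lambda f: RANK.get(f[1], -1))
    return [(s, m, ADVICE.get(m, "unrecognised: check manually")) for s, m in found]

if __name__ == "__main__":
    print(*audit(SAMPLE_SCAN), sep="\n")
```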
So, make sure to keep an eye on the latest updates in the security field by reading our posts. This way, you can stay one step ahead of hackers!