Wireless Security

Wireless networks introduce unique security challenges because the transmission medium — radio waves — cannot be physically contained. Anyone within range can potentially intercept traffic, attempt to connect, or launch attacks. Securing wireless networks requires a combination of strong encryption, authentication, and monitoring.

---

Wireless Security Standards

The evolution of Wi-Fi security has been driven by the repeated breaking of older protocols:

Standard	Encryption	Key Management	Status
WEP	RC4 (40/104-bit)	Static keys	Broken — crackable in minutes
WPA	TKIP (RC4-based)	Dynamic keys per packet	Deprecated — vulnerable to attacks
WPA2	AES-CCMP	4-way handshake (PSK or Enterprise)	Current standard — secure when configured properly
WPA3	AES-GCMP-256	SAE (Simultaneous Authentication of Equals)	Latest standard — strongest protection

Why WEP Fails

WEP uses a 24-bit Initialisation Vector (IV) that repeats frequently. Tools like aircrack-ng can crack WEP keys by collecting enough packets — often in under five minutes.

WPA3 Improvements

Feature	WPA2	WPA3
Key exchange	PSK (vulnerable to offline dictionary attacks)	SAE (resistant to offline attacks)
Forward secrecy	No	Yes — each session uses unique keys
Open network protection	None	OWE (Opportunistic Wireless Encryption)
Brute force protection	No	Yes — blocks after repeated failures

---

WPA2/WPA3 Modes

Personal (PSK)

• Uses a shared passphrase (Pre-Shared Key)
• Suitable for home and small office networks
• All users share the same key
• Risk: if the PSK is compromised, all traffic can be decrypted

Enterprise (802.1X)

• Uses a RADIUS server for individual authentication
• Each user has unique credentials (username/password or certificate)
• Session keys are generated per user
• Preferred for organisations — provides accountability and granular access

802.1X Authentication Flow

Client (Supplicant)
     │
     ▼
Access Point (Authenticator)
     │
     ▼
RADIUS Server (Authentication Server)
     │
     ▼
Credentials verified → Session key issued → Access granted

---

Common Wireless Attacks

Attack	Description	Mitigation
Evil Twin	Attacker creates a rogue AP mimicking a legitimate network	802.1X, wireless IDS, user training
Deauthentication Attack	Sending forged deauth frames to disconnect clients	802.11w (Management Frame Protection), WPA3
WPA2 Handshake Capture	Capturing the 4-way handshake for offline cracking	Strong passphrases (20+ characters), WPA3 SAE
KRACK (Key Reinstallation Attack)	Exploiting WPA2 handshake to decrypt traffic	Patch clients and APs, use WPA3
Karma / MANA Attack	Rogue AP responds to any probe request	Disable auto-connect, use 802.1X
Rogue Access Point	Unauthorised AP connected to the corporate network	Wireless IDS, NAC, regular scanning
Packet Sniffing	Capturing unencrypted wireless traffic	Encryption (WPA2/WPA3), VPN

---

Wireless Security Best Practices

Network Configuration