# Wireless Network Security
## Why Wireless Security Matters
Wireless networks present unique security challenges compared to wired networks. Because wireless signals travel through the air and through walls, they can potentially be received by anyone within range, including people outside the building. A wireless network without adequate security is essentially an open network that anyone nearby can connect to and use, potentially accessing private resources and internet bandwidth, intercepting unencrypted traffic, and launching attacks against other devices on the network.
## WEP - Wired Equivalent Privacy
WEP was the original security protocol for WiFi networks, introduced with the original 802.11 standard in 1997. WEP attempted to provide security equivalent to a wired connection by encrypting data. However, WEP has severe cryptographic weaknesses that were discovered in 2001. The initialization vector used for encryption is too short, causing it to repeat frequently. When the initialization vector repeats, patterns emerge that allow attackers to crack the encryption key in minutes using widely available tools. WEP should never be used because it provides essentially no security.
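An added example (not from the original page) of the initialization vector problem described above: it shows that two frames encrypted under the same IV share a keystream, and estimates how quickly random IVs repeat. It assumes WEP's 24-bit IV and its RC4 seeding with IV || key, which the page does not spell out; the key, IV and frame contents are constructed, and WEP's integrity checksum is omitted.

```python
import random

IV_BITS = 24  # WEP IV length; general WEP fact, not stated on the page

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with the keystream derived from key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || secret; the IV is sent in clear (ICV omitted)."""
    return rc4(iv + secret, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leaks_plaintext_xor() -> bool:
    """Two frames under one IV share a keystream, so c1 ^ c2 == p1 ^ p2."""
    secret = bytes.fromhex("0102030405")       # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")               # constructed, reused IV
    p1, p2 = b"GET /index.html ", b"user=alice&pw=x "  # constructed frames
    c1, c2 = wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2)
    return xor(c1, c2) == xor(p1, p2)

def frames_until_iv_repeat(rng: random.Random) -> int:
    """Frames sent with random IVs until some IV is used a second time."""
    seen = set()
    while True:
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def average_frames_to_repeat(trials: int = 200, seed: int = 1) -> float:
    rng = random.Random(seed)
    return sum(frames_until_iv_repeat(rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    print("same IV leaks p1 ^ p2:", reuse_leaks_plaintext_xor())
    print("mean frames until an IV repeats:", average_frames_to_repeat())
```

With randomly chosen IVs the first repeat arrives after only a few thousand frames, which a busy network sends in seconds. This is why a longer key does not help WEP and the protocol has to be replaced rather than reconfigured.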
## WPA - WiFi Protected Access
WPA was introduced in 2003 as an emergency interim measure to address WEP's vulnerabilities while the more comprehensive WPA2 standard was being finalized. WPA uses TKIP, Temporal Key Integrity Protocol, which addresses some of WEP's key weaknesses by dynamically changing encryption keys. WPA is significantly stronger than WEP but has its own vulnerabilities. WPA should be replaced by WPA2 or WPA3 where possible.
## WPA2
WPA2 replaced WPA as the standard security protocol. WPA2 uses AES, the Advanced Encryption Standard, with the CCMP protocol, providing much stronger encryption than TKIP. WPA2 comes in two modes. Personal mode, also called WPA2-PSK for Pre-Shared Key, uses a shared password that all devices use to connect. This is the mode used in home networks. Enterprise mode uses a RADIUS authentication server to verify individual user credentials, so each user authenticates with unique credentials.
## WPA3
WPA3 is the current generation WiFi security standard. WPA3-Personal uses Simultaneous Authentication of Equals, which protects against offline dictionary attacks even if an attacker captures the handshake traffic. This means that even a weak password is better protected under WPA3 than WPA2. WPA3-Enterprise uses stronger 192-bit encryption for applications requiring high security. WPA3 also provides forward secrecy, meaning that if an attacker later discovers the password, they cannot decrypt previously captured traffic.