14.8.9 How Are Wireless Networks Kept Secure?
- Why Does Wi-Fi Require Stronger Security Than Ethernet?
- What Are the Main Objectives of Wi-Fi Security?
- Why Was WEP Replaced?
- What Is WPA2?
- What Improvements Does WPA3 Provide?
- What Is Simultaneous Authentication of Equals (SAE)?
- How Is Information Protected After Authentication?
- How Are Enterprise Wi-Fi Networks Secured?
- Are Public Wi-Fi Networks Secure?
- What Is Wi-Fi Easy Connect?
- Can Wireless Networks Be Completely Secure?
- Will Wi-Fi Security Continue to Evolve?
- What Should You Remember?
Short Answer
Unlike wired Ethernet networks, where an attacker usually requires physical access to a cable, wireless LAN transmissions can be received by anyone within radio range. Wireless networks therefore require mechanisms to authenticate users, encrypt transmitted information, verify data integrity, and prevent unauthorized access. Modern Wi-Fi networks achieve these objectives using security standards such as WPA2 and WPA3, together with strong encryption, secure authentication protocols, and centralized access control for enterprise networks.
Why Does Wi-Fi Require Stronger Security Than Ethernet?
Signals transmitted over Ethernet remain confined to physical cables.
Wireless signals, however, propagate through the surrounding environment and often extend well beyond the walls of a building. Anyone within radio range may be able to detect these transmissions. Without appropriate security, an attacker could potentially:
- monitor network traffic;
- impersonate legitimate users;
- gain unauthorized network access;
- modify transmitted information; or
- disrupt normal communication.
For this reason, security has always been a fundamental requirement of wireless networking.
What Are the Main Objectives of Wi-Fi Security?
Wireless security aims to provide four principal functions:
- authenticate legitimate users;
- maintain the confidentiality of transmitted information;
- ensure the integrity of transmitted data; and
- prevent unauthorized access to the network.
Together, these mechanisms allow users to communicate securely even though the radio signals themselves are publicly accessible.
Why Was WEP Replaced?
The original IEEE 802.11 standard employed Wired Equivalent Privacy (WEP).
Its objective was to provide a level of security comparable to that of a wired Ethernet network. Unfortunately, weaknesses in its encryption algorithm and key management allowed attackers to recover encryption keys using relatively small amounts of captured traffic. As computing power increased, these attacks became increasingly practical.
Today, WEP is considered obsolete and should no longer be used.
What Is WPA2?
Wi-Fi Protected Access 2 (WPA2) replaced WEP as the principal wireless security standard.
WPA2 introduced several major improvements, including:
- stronger encryption;
- improved key management;
- message integrity protection; and
- more secure authentication procedures.
WPA2 employs the Advanced Encryption Standard (AES) using the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), providing a level of security suitable for most home and business networks.
What Improvements Does WPA3 Provide?
WPA3 builds upon the strengths of WPA2 while addressing several known weaknesses.
Important improvements include:
- stronger authentication;
- improved protection against password guessing;
- better security for public Wi-Fi;
- enhanced enterprise encryption; and
- simpler device provisioning.
These improvements make WPA3 the preferred security standard for new wireless installations.
What Is Simultaneous Authentication of Equals (SAE)?
One of the most significant improvements introduced by WPA3 is Simultaneous Authentication of Equals (SAE).
Traditional WPA2-Personal networks relied upon a pre-shared password during the authentication process. If an attacker captured the authentication exchange, it could potentially be analysed offline using automated password-guessing techniques. SAE replaces this approach with a secure password-authenticated key exchange.
Each password attempt requires interaction with the access point, making large-scale offline dictionary attacks far more difficult.
How Is Information Protected After Authentication?
Once a user has been successfully authenticated, all subsequent wireless traffic is encrypted.
Encryption converts the transmitted information into an unintelligible form that can be interpreted only by authorized devices possessing the correct cryptographic keys. Even if an attacker intercepts the radio transmission, the information remains unreadable without those keys.
Encryption therefore provides confidentiality while users communicate over the shared wireless medium.
How Are Enterprise Wi-Fi Networks Secured?
Large organizations usually require stronger security than a single shared password can provide.
Enterprise wireless networks commonly employ the IEEE 802.1X authentication framework. Instead of sharing one password among all users, each individual authenticates using personal credentials through a centralized authentication server. This approach offers several advantages:
- individual user authentication;
- centralized access control;
- easier password management;
- user accountability; and
- rapid removal of user access when required.
Enterprise authentication therefore provides much stronger security than pre-shared passwords.
Are Public Wi-Fi Networks Secure?
Public Wi-Fi hotspots present additional security challenges because they are often accessible without a password.
Traditionally, information transmitted over these networks was unencrypted unless applications themselves provided encryption. Modern wireless networks increasingly employ Opportunistic Wireless Encryption (OWE), which encrypts traffic between each user and the access point even when no password is required.
Many Internet applications also employ Transport Layer Security (TLS), ensuring that web browsing, online banking, and electronic commerce remain encrypted regardless of the underlying Wi-Fi network.
What Is Wi-Fi Easy Connect?
Many modern electronic devices have limited displays or keyboards, making long passwords difficult to enter.
Wi-Fi Easy Connect simplifies secure network configuration by allowing devices to join a WLAN using methods such as:
- QR codes;
- near-field communication (NFC); or
- secure out-of-band provisioning.
This simplifies installation while maintaining strong security.
Can Wireless Networks Be Completely Secure?
No communication system can ever be completely immune to attack.
However, modern WLAN security standards make unauthorized access extremely difficult when networks are configured correctly.
Good security practice includes:
- using WPA3 whenever possible;
- employing strong passwords or passphrases;
- keeping network equipment updated;
- disabling obsolete security protocols; and
- limiting access to authorized users.
Security therefore depends on both the technology and the way it is managed.
Will Wi-Fi Security Continue to Evolve?
Almost certainly.
As computing power increases and new threats emerge, wireless security standards will continue to improve.
Future developments are expected to include:
- stronger cryptographic algorithms;
- improved authentication methods;
- greater automation;
- AI-assisted threat detection; and
- increasing integration with enterprise identity-management systems.
Wireless security will remain an active area of development throughout the lifetime of Wi-Fi technology.
What Should You Remember?
- Wireless networks require stronger security than wired networks because radio transmissions can be received by anyone within range.
- Modern Wi-Fi security provides authentication, encryption, data integrity, and access control.
- WEP is obsolete because of well-known security weaknesses.
- WPA2 introduced strong AES-based encryption and became the dominant WLAN security standard.
- WPA3 improves authentication, resists offline password attacks, strengthens enterprise security, and better protects users of public Wi-Fi.
- Enterprise WLANs commonly employ IEEE 802.1X with centralized authentication servers rather than shared passwords.
- Strong security depends not only on modern standards but also on good network management and regular software updates.
