Wireless Encryption Standards – CompTIA A+ 220-801: 2.5


Our wireless networks would be worthless if they didn’t include complex encryption methods. In this video, you’ll learn about the WEP, WPA, and WPA2 encryption protocols.

<< Previous Video: An Overview of Wireless Networking StandardsNext: Installing a SOHO Wireless Router >>


One of the challenges that we have with wireless networking is that every device on the wireless network is a radio transmitter and a radio receiver. Everybody can listen to everything that’s going on, and, with the right equipment, even if you aren’t part of the network, you can tap in and listen to what’s going on, just you would tune into a radio station on your dial.

To get around these shortcomings, of course, we encrypt the data. We make it so that even if you’re listening in to what’s going on, you would have no idea what was inside of that information because every bit and byte has been encrypted so that you can’t understand what’s going on. This means that the people who are on the network now need special access to be able to get onto this wireless network and to be able to join in with this encrypted conversation.

And there are two encryption standards that we tend to use to be able to do this. One is called WEP, W-E-P, and the other is called WPA. The original encryption standard for wireless networks is WEP. And that stands for Wired Equivalent Privacy. There were two different levels of encryption that we were able to use, a 64-bit key and a much stronger 128-bit key.

Unfortunately, in 2001, some pretty significant vulnerabilities were found with the WEP protocol. You were able to look at the key stream. And even just the beginning of that key stream, to find what they called strongly non-random data. And based on that information, they were able to gather a lot of packets together and effectively find out what that secret key was for the network. And once you knew that one secret key, you had complete access to everything. You could see everyone’s communication and know exactly what was going on on that wireless network.

Obviously, this was a significant issue. People were able to determine what these keys were in just a few minutes by sending packets onto your wireless network. So the rule for WEP is not to use it. It might be available in your access point. Newer access points in newer wireless devices aren’t even allowing you to choose WEP. It’s not even an option. And if you ever run across it, your rule of thumb should be to never, never use the WEP encryption protocol.

When this vulnerability was found, we realized very quickly we needed an alternative. And so a work around was created called WPA. That stands for Wi-Fi protected access. WPA used an encryption method called RC4 along with something called TKIP, T-K-I-P, that stands for temporal key integrity protocol. And TKIP did was, every packet would be assigned a different key. This would hopefully get around some of the problems that we found with the vulnerabilities inside of WEP. But this was only a short-term workaround. This was something put in place so that we could use exactly the same hardware, but still provide some security to the data going over our wireless network.

The final replacement to WEP was one called WPA2. And effectively, this was also the replacement to WPA. WPA2 had a similar name. It simply put a 2 at the end of WPA. But it used very different methods to encrypt the data going across the network. It used advanced Advanced Encryption Standard, or AES. And that replaced completely RC4– so a completely different method of doing the encryption. It also used CCMP, which stands for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol to replace that TKIP protocol in the previous version of WPA.

There’s also a version of WPA2 you might see called WPA2 Enterprise. This is what most large organizations will use. So instead of using a pre-shared key that everybody would get, which is something you might do at home, instead you’d use authentication, a username and password, to get access to the wireless network. And you had a completely different way of gaining access, instead of that pre-shared key.

It uses something called RADIUS, which is an authentication method behind the scenes. And when you first connect to your enterprise wireless network, you’re requested to give a username and password. That username and password is checked on the RADIUS server against some method like an Active Directory or LDAP database. And then, finally, you’re given access to the wireless network. It’s a much more secure way to gain access to the wireless network than using something like a pre-shared key that everybody might use on their devices.

So if you’re trying to determine what type of wireless encryption you should use on your network, you should certainly not use the original WEP or WEP. And you would probably not use that interim WPA. There are even some vulnerabilities that we found with WPA. You would almost always choose WPA2 as the encryption method that you would use to secure your wireless communication.