Wireless Encryption – CompTIA A+ 220-901 – 2.5

Our wireless networks wouldn’t be very useful if we weren’t able to protect our data. In this video, you’ll learn which encryption types to use and which ones to avoid.

Our wireless networks use radio frequencies. We’re broadcasting information into the air and we’re listening to the air to see if anything is out there. Because of that, of course, anyone could listen in to these communications. That’s why it’s so important to have encryption enabled on your wireless networks. That way, everything sent across the air may still be heard by other people, but they would not be able to see the information being sent from one device to another. Only people who have the proper password and the proper wireless configuration can transmit on the network, listen in to the information, and understand what’s being sent.

When our 802.11 wireless networks were first introduced, we used an encryption standard called WEP. WEP stands for Wired Equivalent Privacy, and it gave a couple of different levels of encryption that we could configure on these devices. We could use either a 64-bit or 128-bit key size, using the RC4 stream cipher to encrypt the information being sent over this wireless network.

Unfortunately, in 2001, we found some significant cryptographic vulnerabilities with WEP. Some of the output key stream was, quote, “strongly non-random,” which is not what you want if you’re trying to protect information on a wireless network. The bad guys could collect a lot of information from the wireless network, and from that discern what the WEP key was. And at that point, they were able to view everything being sent over that wireless network.

Because this is such a significant cryptographic vulnerability, no one should ever use WEP on their networks. It’s exceedingly easy to be able to determine what that WEP key is, and this would not protect any of your information being sent over that wireless network.

When the WEP vulnerability was identified, we had to go back to the drawing board and come up with a new way to protect information on our wireless networks. A short-term workaround was called WPA. That stands for Wi-Fi Protected Access. This still used the RC4 stream cipher, but it included the Temporal Key Integrity Protocol, or TKIP. It increased the size of the initialization vector. There was an encrypted hash associated with this communication, and every packet over the network got a unique encryption key.

This was a short-term workaround that used some of the older protocols to encrypt the information, and we needed something that was stronger, that would be able to protect us into the future. WPA2 is the final version of that encryption change, and it’s the type of encryption we use on wireless networks today. This uses AES, which is the Advanced Encryption Standard. And it uses that inside CCMP, which is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.

CCMP is the encryption method that effectively replaces the TKIP we were running with WPA. We also have a version of WPA2 called WPA2-Enterprise. You commonly see this being used in large organizations, where everyone would log into the wireless network with their own user name and password. You would not use a shared key across that wireless network. Whenever you’re on an organization’s network and you’re authenticating with your own credentials to get access to the wireless network, you’re probably using WPA2-Enterprise.
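The guidance above (avoid WEP and WPA/TKIP, use WPA2 with AES-CCMP, and prefer 802.1X credentials in larger environments) can be turned into a configuration check. The following is an added example written for this page, not code from the video or from hostapd; it assumes hostapd-style option names (`wep_key0`, `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_key_mgmt`) and the defaults noted in the comments, and every sample config it audits is constructed.

```python
# Audit a hostapd-style access point config for the encryption choices
# discussed above.  Assumed hostapd semantics: wep_keyN -> WEP (RC4);
# wpa=1 WPA only, wpa=2 WPA2 only, wpa=3 both; wpa_pairwise / rsn_pairwise
# list TKIP and/or CCMP (AES); wpa_key_mgmt is WPA-PSK (shared key) or
# WPA-EAP (Enterprise, 802.1X).  Sample inputs in the tests are constructed.

def parse_hostapd(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def classify(conf):
    """Return (mode, findings): mode names the scheme in use, findings lists
    the options the video says to avoid (WEP, WPA/TKIP, WPA2 without AES)."""
    findings = []
    if any(k.startswith("wep_key") for k in conf) or "wep_default_key" in conf:
        findings.append("WEP keys present: RC4 with a 24-bit IV, key is recoverable; remove")
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        if findings:
            return "WEP", findings
        return "Open", ["no encryption configured"]
    # Assumed hostapd defaults: wpa_pairwise=TKIP, rsn_pairwise falls back to wpa_pairwise
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = set(conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split())
    if wpa & 1:
        findings.append("wpa=%d admits WPA (TKIP over RC4) clients; set wpa=2" % wpa)
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("rsn_pairwise allows TKIP under WPA2; use rsn_pairwise=CCMP")
    if wpa & 2 and "CCMP" not in rsn_pairwise:
        findings.append("WPA2 enabled without CCMP (AES); set rsn_pairwise=CCMP")
    generation = "WPA2" if wpa & 2 else "WPA"
    mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    flavor = "Enterprise" if "WPA-EAP" in mgmt else "Personal"
    return "%s-%s" % (generation, flavor), findings

def audit(text):
    """Convenience wrapper: raw config text -> (mode, findings)."""
    return classify(parse_hostapd(text))

if __name__ == "__main__":
    # Constructed mixed-mode config: passes WPA2 clients but still admits WPA/TKIP.
    print(audit("wpa=3\nwpa_pairwise=TKIP CCMP\nwpa_key_mgmt=WPA-PSK"))
```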