Wireless Encryption – CompTIA Security+ SY0-401: 1.5

Without encryption, our wireless networks would be relatively useless. In this video, you’ll get an overview of wireless encryption with WEP, WPA, and WPA2.

<< Previous Video: Protocols and the OSI ModelNext: EAP, PEAP, and LEAP >>

One of the challenges with using a wireless network is that you don’t have the ability to differentiate on who gets to hear the wireless network– your wireless access points are radio stationed. Anybody with the right equipment can tune into the channel and hear everything that happens to be going on. So that creates a bit of a challenge when you want to be sure that your information remains private.

That’s why we’ve created all these different encryption algorithms, and security has such a high priority on wireless networks, it’s because you can encrypt the data and make sure that just the people who need to be able to decrypt the data have that level of access. Now people with the password, then, can transmit and listen. There’s methods to set up additional authentication methods over wireless networks to make sure that people inside of your network have the proper credentials to be able to do that. We’re going to talk about how WEP can be used and how WPA and WPA2 are used to help protect data on the wireless networks that we use today.

When our 802.11 networks first came out, we came out with an encryption methodology called WEP– that stands for Wired Equivalent privacy. Like the name implies, we wanted to have the same level of protection on our wireless networks as we were getting on our wired networks. The way that this worked is you are able to set up some encryption keys in your wireless access point– either 40-bit keys or 104-bit keys, depending on which you would like to use. You can use different key sizes on your wireless access points.

The problem was that in 2001, we found some pretty significant cryptographic vulnerabilities associated with WEP. And it was basically the fact that WEP used static keys, the keys never changed. All of the people on your network were using exactly the same encryption key and the key was static all the time. So WEP became very easy to crack into a web connection using very basic functionalities of the computer in really just a few minutes. And for that reason, it’s highly recommended that nobody use WEP.

Sometimes you’ll run into legacy devices and all they can do is WEP. And you might want to consider just not using those legacy devices or setting up a completely different network just for legacy devices that need to communicate via WEP. Obviously when that particular encryption vulnerability was found, we decided, well, we need something quickly to replace that. So we came up with something called Wi-Fi protected access.

And you’ll see this referred to as WPA, WPA2, and there’s even a flavor called WPA2-Enterprise, where we are integrating with 802.1X to be able to do authentication. The WPA when it first came out, WPA used something called TKIP as the ability to encrypt the data that was going by. So this was an improvement over WEP, primarily because this temporal key integrity protocol allowed us to be able to change the keys in every packet. And so we rotated through those keys, which made it very difficult to decrypt that data. It was harder to hack into something like that.

Every packet got a unique encryption key, so therefore, there was constant change going on. This was really a stopgap measure, there were better ways to do the encryption– stronger encryption algorithms, and we knew we needed to move to that. But at least this very simplified and very useful TKIP protocol allowed us to use our older hardware to be able to still maintain an encrypted connection.

But in reality, everybody really should have moved by this point to WPA2. And this was the final certified version of WPA– came out in 2004. What it did was allow AES level encryption, that’s the advanced encryption standard algorithm, which is a very powerful encryption method. And it used a protocol called CCMP, the Counter Mode with Cypher Block Chaining Message Authentication Code Protocol. Boy, that’s a mouthful.

But that is the fundamental protocol that’s used to encrypt data inside a WPA2 wireless network. So as you’re looking at your wireless settings, you may have settings that say do you want to use WPA2 with TKIP, do you want to use WPA2 with CCMP? And if you have the ability to do that and have everybody on your network able to use WPA2 with CCMP, that’s probably the one you’d like to choose.