Wi-Fi Security Trends (Part 1)
It’s tough to think of anything in technology we take more for granted than our ubiquitous Wi-Fi connections. We purchase new devices such as phones, TVs, security cameras, or even kitchen appliances, and after simply selecting our wireless network and entering a password, we have seamless access to all the tools and information the internet offers. No longer do we have to consider how we will route twisted-pair or coax wires and plan usage for ports on a switch. Connectivity has never been easier. In many ways, wireless connections power our lives, but are those connections safe? In order to keep you, your family, your employees, and your vendors protected, we’ve put together this series covering the latest trends in Wi-Fi security.
Overview of current Wi-Fi security trends:
- WPA3, the latest version of Wi-Fi Protected Access, is becoming more widely adopted as it offers stronger security than its predecessor, WPA2.
- The use of the 802.1x standard for authentication is becoming more common, as it provides stronger security than the use of pre-shared keys.
- The use of multi-factor authentication (MFA) for Wi-Fi access is becoming more prevalent as a way to prevent unauthorized access to networks.
- The use of network segmentation and micro-segmentation to create different security zones within a network is becoming more popular to limit the spread of infection in case of a breach.
- Next-Generation Firewalls (NGFWs) are being used to provide granular control over network traffic and protect against advanced threats.
- The use of software-defined networking (SDN) is becoming more common as it allows for more centralized control over network security.
- The Wi-Fi 6 standard is becoming more widespread; it is more secure than previous versions, providing better encryption and better management of rogue devices.
WPA3 (Wi-Fi Protected Access version 3) is the latest version of the Wi-Fi security standard, designed to replace WPA2. It offers several benefits over its predecessor:
- Improved security: WPA3 includes several new features to enhance security, such as the Simultaneous Authentication of Equals (SAE) protocol for stronger password-based authentication, and the Opportunistic Wireless Encryption (OWE) protocol for better protection of open networks.
- Enhanced encryption: WPA3 uses the Advanced Encryption Standard (AES) with a 128-bit key for better protection of sensitive data. This is a more secure encryption standard than the Temporal Key Integrity Protocol (TKIP) used in WPA2.
- Robust protection against dictionary attacks: WPA3 uses a feature called “Enhanced Open” which encrypts all data even on open networks, making it more difficult to perform dictionary attacks.
- Protection against brute force attacks: WPA3 includes a feature called “Protected Management Frames” which makes it more difficult to perform brute force attacks by limiting the number of failed login attempts.
- Improved security for IoT devices: WPA3 includes a feature called “Easy Connect” which allows for simplified setup and connection of IoT devices to a network, while still providing robust security.
It’s important to note that WPA3 is not backward-compatible with WPA2 and devices that support WPA3 will not be able to connect to networks that are using WPA2.
Protected Management Frames (PMF) is a feature of the Wi-Fi Protected Access version 3 (WPA3) security standard that provides additional protection against unauthorized access to a wireless network.
PMF is designed to protect against rogue access points and other malicious actors attempting to connect to a network. It does this by providing a method for wireless devices to authenticate the identity of the network they are connecting to. It also provides a way for the network to ensure that the devices are authorized to connect.
PMF uses two main components to secure the management frames:
- The first component is called “Authenticated Management Frame Protection” (MFPA), which uses digital certificates to authenticate the identity of the network and the device.
- The second component is called “Encrypted Management Frame Protection” (MFPR), which encrypts the management frames to protect them from eavesdropping and tampering.
PMF provides robust protection for the management frames of a wireless network. This includes protection for the frames that are used for association, authentication, and key management. By protecting these frames, PMF makes it more difficult for rogue access points and other malicious actors to connect to the network.
It’s important to note that PMF is not enabled by default. The network administrator needs to enable it on the wireless access point, and client devices also need to support it to be able to connect to the network.