Wireless access points security – Wi-Fi encryption protocols to retire

Nowadays, everyone is aware that the data sent over Wi-Fi can be taken by those that can listen and decode the weakly encrypted Wi-Fi signal. I believe that it’s time to retire weak wireless encryption schemes and do not make them available in option menus of Wi-Fi enabled devices – they truly no longer add any benefit. Why do we still see WEP encryption as one of the options to choose from in wireless routers? Everyone has been aware of the weaknesses since early 2006. “Consider the case of the TJX company: In December 2006, TJX notified law enforcement officials that attackers had access to more than 46 million customer records complete with payment card data, for a period of not less than 18 months. In May 2007, the Wall Street Journal disclosed that anonymous sources fingered the wireless point-of-sale systems protected solely by the widely flawed WEP protocol.” (Five wireless threats you may not know, 2016)

Or why do we see TKIP (Temporal Key Integrity Protocol) as one of the available encryption protocols? This was “introduced with WPA to replace the very insecure WEP encryption at the time. TKIP is quite similar to WEP encryption. TKIP is no longer considered secure and is now deprecated. In other words, you shouldn’t be using it.” (Wi-Fi security, 2014). Everyone who had that option should upgrade their wireless settings to a stronger encryption type.

This is only a couple of example, in my opinion, everyone who has the option should immediately upgrade their wireless settings to a stronger encryption type. Luckily we have many options available.

However, to highlight the risks, I will only mention the encodings that are currently considered weak and should no longer be used as an encryption choice on any Wi-Fi device:

Weak:

  • Open Access: No passphrase. Hazardous, basically inviting an intruder through an open the door to your network.
  • WEP 64: Ancient WEP encryption – considered vulnerable.
  • WEP 128: WEP with a longer encryption key – easy to break, insecure.
  • WPA-PSK (TKIP): Nowadays considered archaic already – it isn’t secure.
  • WPA-PSK (AES): Old WPA protocol with slightly more modern AES encryption. A Little harder to break, but considered as insecure today.
  • WPA2-PSK (TKIP): Uses modern WPA2 standard with old TKIP encryption. This isn’t

If you’re using one of the above options on your wireless device, consider switching to a more secure encryption protocol!

 

References

Wi-Fi security (2014), Should you use WPA2-AES, WPA2-TKIP, or Both?  Available at: http://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both/ (Accessed: 4 September 2016).

Top Ten Wi-Fi security threats (2010) Available at: http://www.esecurityplanet.com/views/article.php/3869221/Top-Ten-WiFi-Security-Threats.htm (Accessed: 4 September 2016).

Five wireless threats you may not know (2016) Available at: http://www.sans.edu/research/security-laboratory/article/wireless-security-1 (Accessed: 4 September 2016).

Facebook Comments