High-speed internet revolutionized the process of getting online. Gone were slow, clunky 14.4K dial-up modems. As access to the internet progressed, wireless internet networks, commonly known as WiFi, freed computing from stationary desktop computers and extended it to sleek laptops, tablets and gaming devices that can be operated nearly everywhere.
However, WiFi presents significant security challenges which are often exploited by unscrupulous individuals ranging from squatters seeking free internet access to hackers and identity thieves. Over the years, WiFi network security has evolved to provide protection for both home and commercial WiFi networks against unauthorized access. Understanding how different WiFi encryption types work is essential for selecting the best possible security setup for a commercial WiFi network.
Wired Equivalency Protection (WEP)
Wired Equivalency Protection (WEP) was the first WiFi encryption protocol developed back in the 1990s with standard 64-bit and 128-bit keys. It was intended to provide security at a similar level as wired networks, but it was soon discovered to have serious flaws. A major cyber attack against retailer TJMaxx in 2009 was attributed to security flaws in its WEP encryption security setup. These days, few commercial WiFi networks rely on WEP encryption. However, many older gaming consoles are only compatible with WEP. As a result, it is still used for some home WiFi networks, although it is not recommended for commercial networks.
WiFi Protected Access (WPA)
In 2003, WiFi Protected Access (WPA) with 256-bit keys was formally adopted as the successor and replacement for the flawed WEP encryption protocol. The most common configuration for WPA encryption is WPA-PSK (Pre-Shared Key). WPA also incorporated the Temporal Key Integrity Protocol (TKIP) and message integrity checks, which determine whether a transmission has been compromised between the access point and the client. The per-packet key system employed by TKIP was more secure than WEP's fixed key system. Unfortunately, TKIP recycled some aspects of WEP to facilitate firmware updates, which has weakened the security of WPA somewhat. WPA's WiFi Protected Setup (WPS) feature, which was intended to allow older devices to link to updated access points, has also been found to be vulnerable to unauthorized access.
WiFi Protected Access Version 2 (WPA2)
WiFi Protected Access Version 2 (WPA2) relies on the 802.11i wireless security standard, finalized in 2004. The major distinction between WPA2 and WPA is the transition from TKIP to the Advanced Encryption Standard (AES). AES provides significantly improved security over TKIP, and is approved for use by the U.S. government for transmitting top-secret information.
WiFi Encryption for the Future
WEP, WPA and WPA2 represent the three main WiFi encryption types that are presently available. However, WiFi Protected Access 3 (WPA3) and WPA3 Enterprise encryption were introduced in 2018 and are poised to become more widely adopted in the future. Opportunistic WiFi Encryption (OWE) represents a further advancement in WiFi encryption. OWE is primarily designed for use by public WiFi networks operated by establishments like airports and hotels.
Protecting WiFi Networks
At present, WPA2 + AES represents the ideal WiFi security setup. However, some access points do not support this optimal level of security. Other possible security combinations are listed below, ranked from more secure to less secure.
- WPA + AES
- WPA + AES with TKIP as a fallback
- WPA + TKIP
- WEP
Of course, while WEP WiFi network encryption is not ideal, it is better than no encryption at all. Adding a virtual private network (VPN) and employing standard internet security measures for public WiFi networks, such as firewalls and antivirus and anti-malware software, can beef up WEP security as well. It is also important to stay in touch with advances in WiFi encryption, and to evaluate how to adopt new security protocols into a commercial WiFi network to ensure maximum online security for employees and customers or clients alike.
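To audit which of the combinations ranked above an access point actually advertises, its beacon can be parsed directly. The following is an added example, not part of the original article: the function names, the "Open" label for unencrypted networks, and the sample bytes are assumptions made here, and a network offering several ciphers is judged by the weakest one.

```python
import struct

# Cipher type is the last byte of each 4-byte suite selector (OUI + type).
CIPHERS = {1: "WEP", 2: "TKIP", 4: "AES", 5: "WEP"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def pairwise_ciphers(body, oui):
    """Pairwise cipher names from an RSN or WPA element body."""
    # Layout: version(2) | group suite(4) | pairwise count(2) | suites(4 each)
    count = struct.unpack_from("<H", body, 6)[0] if len(body) >= 8 else 0
    end = 8 + 4 * count
    if count == 0 or end > len(body):
        raise ValueError("missing or truncated pairwise suite list")
    suites = (body[i:i + 4] for i in range(8, end, 4))
    return {CIPHERS.get(s[3], "unknown") if s[:3] == oui else "unknown"
            for s in suites}

def classify(ies, privacy):
    """Map one beacon's information elements onto the ranking above."""
    found, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        if eid == 48:  # RSN element, advertised by WPA2 networks
            found["WPA2"] = pairwise_ciphers(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # WPA element
            found["WPA"] = pairwise_ciphers(body[4:], WPA_OUI)
        pos += 2 + length
    if not found:  # no WPA/WPA2 element: the privacy bit alone means WEP
        return "WEP" if privacy else "Open"
    ciphers = set().union(*found.values())
    if ciphers == {"AES"}:
        return "WPA2 + AES" if set(found) == {"WPA2"} else "WPA + AES"
    if ciphers == {"AES", "TKIP"}:  # judged by the weakest cipher offered
        return "WPA + AES with TKIP as a fallback"
    if ciphers == {"TKIP"}:
        return "WPA + TKIP"
    raise ValueError(f"unrecognised pairwise ciphers: {sorted(ciphers)}")

# Constructed sample beacons (element bytes only), not captured traffic.
SSID = bytes.fromhex("000474657374")
RSN_AES = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
WPA_MIXED = bytes.fromhex("dd1a0050f20101000050f20202000050f2040050f20201000050f202")

if __name__ == "__main__":
    for ies in (SSID + RSN_AES, SSID + RSN_AES + WPA_MIXED, SSID):
        print(classify(ies, privacy=True))
```

The second sample is a mixed-mode access point: it advertises WPA2 with AES but also keeps a WPA element that allows TKIP, so it is reported under the fallback category.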