Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are security protocols designed to ensure authentication when new users log into your wireless network. They are specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, which is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.
A wired local area network (LAN) is generally protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but may be ineffective for WLANs because radio waves are not necessarily bound by the walls containing the network.
By Cisco Eng. Shingie Lev Muringi
Because the Internet of Things (IoT) is driving the increase in the number of devices connected to the Internet, Wi-Fi has become the most suitable connectivity choice thanks to its scalability and mobility advantages. The greatest challenge comes when security is factored in, because wireless signals are prone to interruption by hackers.
WEP seeks to establish similar protection to that offered by the wired network’s physical security measures by encrypting data transmitted over the WLAN. Data encryption protects the vulnerable wireless link between clients and access points. Once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy.
WPA is a more powerful security technology for Wi-Fi networks than WEP. It provides strong data protection by using encryption as well as strong access controls and user authentication. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure your wireless network’s privacy and enterprise security.
There are two basic forms of WPA:
• WPA Enterprise (requires a RADIUS server)
• WPA Personal (also known as WPA-PSK)
Either can use TKIP or AES for encryption. Not all WPA hardware supports AES.
WPA-PSK is basically an authentication mechanism in which users provide some form of credentials to verify that they should be allowed access to a network. This requires a single password entered into each WLAN node (Access Points, Wireless Routers, client adapters, bridges). As long as the passwords match, a client will be granted access to a WLAN.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that in WPA-PSK, authentication is reduced to a simple common password instead of user-specific credentials.
The Pre-Shared Key (PSK) mode of WPA is considered vulnerable to the same risks as any other shared password system, dictionary attacks for example. Another issue may be key management difficulties, such as removing a user once access has been granted where the key is shared among multiple users, although this is not likely in a home environment.
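The single shared password and the key management problem described above can be seen in how a WPA passphrase becomes a key. The following is an added example, not code from the original article: it derives the 256-bit pre-shared key with the standard WPA passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), audits a passphrase for exposure to dictionary guessing, and lists the nodes that must be reconfigured after the passphrase is rotated. The deny list, the 16-character floor, the SSID and all passphrases are constructed sample values and assumptions.

```python
import hashlib
import hmac

# Constructed sample values; the deny list and 16-character floor are assumptions.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}
MIN_RECOMMENDED_LENGTH = 16


def derive_psk(passphrase, ssid):
    """Map a WPA passphrase to the 256-bit pre-shared key.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase):
    """Return reasons a passphrase is exposed to dictionary guessing."""
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("listed in common-password deny list")
    if len(passphrase) < MIN_RECOMMENDED_LENGTH:
        findings.append("shorter than recommended length")
    if passphrase.isalpha() or passphrase.isdigit():
        findings.append("uses a single character class")
    return findings


def stale_nodes(ssid, current_passphrase, node_passphrases):
    """Names of nodes whose configured passphrase no longer yields the AP's key."""
    ap_key = derive_psk(current_passphrase, ssid)
    return sorted(
        name for name, phrase in node_passphrases.items()
        if not hmac.compare_digest(derive_psk(phrase, ssid), ap_key)
    )


if __name__ == "__main__":
    nodes = {"laptop": "old shared secret 2019", "printer": "old shared secret 2019"}
    print(audit_passphrase("password"))
    print(stale_nodes("HomeNet", "rotated after offboarding!", nodes))
```

Because every node derives the same key from the same passphrase, removing one user means rotating the passphrase and updating every node that `stale_nodes` reports.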