Network Security - Wi-Fi security and its vulnerabilities

1. What is Wi-Fi Security?

Wi-Fi security refers to the measures used to protect wireless networks from unauthorized access, eavesdropping, and attacks.

Wireless networks are inherently more vulnerable than wired networks because signals travel through the air, making them easier to intercept.

2. Common Wi-Fi Security Protocols

a) WEP (Wired Equivalent Privacy)

  • Introduced: 1997

  • Encryption: RC4 stream cipher

  • Key size: 40 or 104 bits

  • Vulnerabilities: Weak key management, easy to crack

  • Status: Obsolete

b) WPA (Wi-Fi Protected Access)

  • Introduced: 2003 as a temporary solution for WEP weaknesses

  • Encryption: TKIP (Temporal Key Integrity Protocol)

  • Vulnerabilities: Better than WEP, but still vulnerable to attacks like dictionary and brute-force attacks

c) WPA2

  • Introduced: 2004

  • Encryption: AES-based CCMP (strong)

  • Pros: Strong security for most networks

  • Vulnerabilities: Can be attacked using KRACK (Key Reinstallation Attack) if devices are unpatched

d) WPA3

  • Introduced: 2018

  • Encryption: SAE (Simultaneous Authentication of Equals)

  • Pros: Stronger protection against brute-force attacks, forward secrecy, improved IoT support

  • Status: Recommended for modern networks

3. Common Wi-Fi Vulnerabilities

  1. Weak Passwords

    • Easy-to-guess passwords make WPA/WPA2 networks vulnerable.

  2. Evil Twin Attacks

    • Attacker creates a fake Wi-Fi hotspot with the same name (SSID) to steal data.

  3. Packet Sniffing

    • Unencrypted Wi-Fi traffic can be intercepted using tools like Wireshark.

  4. Man-in-the-Middle (MITM) Attacks

    • Attacker intercepts and possibly alters communications between devices.

  5. KRACK Attack

    • Exploits WPA2 handshake vulnerabilities to decrypt traffic.

  6. Rogue Access Points

    • Unauthorized APs connected to a network can bypass security policies.

  7. WPS (Wi-Fi Protected Setup) Exploits

    • WPS PIN can be brute-forced, compromising network access.

4. Best Practices for Wi-Fi Security

  • Use WPA3 encryption wherever possible.

  • Set a strong, unique Wi-Fi password.

  • Disable WPS on routers.

  • Regularly update firmware of routers and devices.

  • Use a VPN on public Wi-Fi to encrypt traffic.

  • Hide your network SSID (optional, but not foolproof).

  • Monitor network for unknown devices.

Wi-Fi security is critical because wireless networks are the main entry points for attackers in homes, offices, and public hotspots.