Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

WLAN Authentication and Encryption

Nov 9, 2011 • 3 Minute Read

When deploying a wireless LAN, it is very important to deploy secure methods for authentication and encryption so that the network can only be used by those individuals and devices that are authorized. This article takes a look at the commonly used methods of wireless LAN authentication as well as the available encryption methods.

WLAN Authentication Methods

It is important to understand that there is a distinction between being authenticated onto a wireless network and then having the traffic passed be encrypted. It is possible to be authenticated onto a network and pass open unencrypted traffic; this section looks at the commonly used methods of authentication.

There are three main methods of authentication that are used on today's wireless LANs:

open authentication

shared authentication

The open authentication method is the simplest of the methods used and only requires that the end device be aware of the Service-Set Identifier (SSID) used on the network, as long as the SSID is known then the device will be allowed onto the network. The problem with this method is that the SSID is typically broadcast and if it is not, it can be easy to figure out with passive capturing techniques.

The shared authentication method is commonly used on individual and small business wireless LAN implementations; this method uses a shared key (Pre-Shared Key – PSK) that is given to both sides of the connection; if they match then the device is allowed onto the network.

The third method uses the Extensible Authentication Protocol (EAP) and is the most common method used by enterprises. The EAP method utilizes an authentication server that is queried for authentication using a variety of credential options.

WLAN Encryption Methods

Along with the method used for authentication, the choice of encryption method is a very important part of deploying a wireless LAN. Many of the encryption methods that were implemented in earlier wireless LAN standards have been proven insecure and have been depreciated by more modern methods. As time goes on, this is sure to happen with all encryption techniques as they are used more commonly (thus becoming a target for exploitation) and as processing power continues to increase.

Here are the WLAN encryption methods we'll review today:

EAP (Extensible Authentication Protocol) authentication

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

The first widely used standard for wireless LANs was 802.11 (prime); this included the Wired Equivalent Privacy (WEP) algorithm which was used for security. WEP utilizes RC4 for encryption and has been depreciated because of vulnerabilities that can be used to find the security keys.

In response to the vulnerabilities found in WEP, Wi-Fi Protected Access (WPA) was defined. WPA utilizes the Temporal Key Integrity Protocol (TKIP) which utilizes dynamic keys that were not supported with WEP and RC4 for encryption. The TKIP method used with WPA was utilized until vulnerabilities were found in TKIP. These vulnerabilities center on the fact that TKIP uses some of the same mechanisms that WEP does which allow similar attacks.

In response to the vulnerabilities in WPA/TKIP, the IEEE 802.11i standard was defined and implemented; the IEEE 802.11i standard is also referred to as WPA2. WPA2 replaced TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on Advanced Encryption Standard (AES); it is common for the WPA2 encryption method to be referred to as AES. As of this writing, there are no easy methods that have been found to break AES.

Summary

How secure a wireless LAN is, greatly depends on a number of different configuration parameters that must be entered correctly. The problem with many existing wireless LANs is that the people that are implementing them simply do not have the security knowledge required to maintain a secure wireless network.

All existing and future wireless LAN implementers should make the effort to learn about the most secure methods provided by the chosen equipment (and quite possibly be part of the equipment selection process). The advantage that most modern equipment has is that the WPA2 standard is supported and not that hard to implement.

Hopefully this article can act as a primer to this education and will provide current and future WLAN administrators some information they need to secure their networks.

Wireless Security Training Resources:

If you're interested in learning more about Wireless LAN security, then take a look at these course offerings to see which one is right for you:

Wi-Fi Protected Access 2 (WPA2)

Cisco CCNA Wireless Training

Certified Wireless Network Administrator Training

Cisco CCNA Security Training

Recommended Reading:

CompTIA Security+ Training

Wireless Security Considerations: Common Security Threats to Wireless Networks

How to Prevent Threats and Attacks on Your Cisco Network

Warning: Your Wireless Communication Might Not Be Secure!

Top 10 Security Threats Every IT Pro Should Know

Sean Wilkins

Sean W.

Sean Wilkins is an accomplished networking consultant who has been in the IT field for more than 20 years, working with several large enterprises. He is a writer for infoDispersion and his educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, and a Master’s of Science in Organizational Management. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+).

More about this author