| Wi-Fi Protected Access (WPA) is a security standard for wireless internet connections. It improved upon and replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA was developed by the Wi-Fi Alliance to provide more sophisticated data encryption and better user authentication than WEP. The new standard, which was ratified by the IEEE in 2004 as 802.11i, was designed to be backward-compatible with WEP to encourage quick, easy adoption. WPA has discrete modes for enterprise users and for personal use. The enterprise mode, WPA-EAP, uses more stringent 802.1x authentication with the Extensible Authentication Protocol (EAP). The personal mode, WPA-PSK, uses preshared keys for simpler implementation and management among consumers and small offices. Enterprise mode requires the use of an authentication server. Network security professionals were able to support WPA on many WEP-based devices with a simple firmware update. While this effectively fixed the encryption issues that plagued earlier attempts at producing secure wireless protocols, it still had authentication issues that could be exploited. WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) to provide message authenticity and integrity verification, and it is much stronger and more reliable than the original Temporal Key Integrity Protocol (TKIP) protocol for WPA. WPA2 still has vulnerabilities; primary among those is unauthorized access to the enterprise wireless network, where there is an invasion of attack vector of certain Wi-Fi Protected Setup (WPS) access points. Although this can take the invader several hours of concerted effort with state-of-the-art computer technology, the threat of system compromise should not be discounted. It is recommended the WPS be disabled for each attack vector access point in WPA2 to discourage such threats. Though these threats have traditionally been directed at enterprise wireless systems, even home wireless systems can be threatened by weak passwords or passphrases. Privileged accounts (such as administrator accounts) should always be supported by stronger, longer passwords and all passwords should be changed frequently. |
No comments:
Post a Comment