With the number of wireless devices constantly rising, wireless security has become more important than ever. And in today’s hyperconnected world, we can use various tools and methods to help keep our data safe—one of which is enabling special protocols on our devices that encrypt data being sent to and from wireless access points.
Generally, wireless access points can enable one of four types of wireless encryption: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WPA2 Enterprise.
WEP is the original encryption standard created for wireless networks, as defined in the 802.11 wireless standard from the Institute of Electrical and Electronics Engineers (IEEE). It offered two levels of encryption: a 64-bit key and a 128-bit key. However, soon after its release, vulnerabilities were discovered that made this protocol unsuitable for wireless protection. WEP is not recommended, although some devices still offer it as an option for connecting legacy devices.
WPA was created as an answer to the flaws discovered in the WEP protocol. WPA uses a different system called Temporal Key Integrity Protocol (TKIP), which creates a unique encryption key for each data stream sent, allowing for more security. However, this method is also prone to vulnerabilities and is no longer considered the standard in wireless security.
WPA2 is the latest and current standard in wireless encryption. WPA2 uses Advanced Encryption Standard (AES) and a Pre-Shared Key (PSK) to secure transmissions. The PSK method is aimed primarily at small networks, such as Small Office Home Office (SOHO) environments. Additionally, AES makes use of Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which provides additional measures of data integrity.
WPA2 Enterprise is the business-grade equivalent of WPA2, aimed at enterprise environments. This method can take advantage of other security options in the business security environment, such as 802.1X port authentication, to control access to the network. Users of this system may log in with a username and password instead of a PSK, providing an extra layer of authentication.
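To audit which of the four schemes above an access point actually advertises, the following added example (not part of the original article) parses the security elements of a beacon frame and maps them to the article's categories. The function names and sample bytes are hypothetical and constructed; the example assumes the standard 802.11 layout, where WPA2 is announced in the RSN element (ID 48), the original WPA in a vendor-specific element (ID 221), and WEP only by the privacy bit.

```python
import struct

RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # suite type -> pairwise cipher
AKMS = {1: "802.1X", 2: "PSK"}                               # suite type -> key management

def iter_elements(blob):
    """Yield (element_id, body) from a beacon's tagged elements; stop at a truncated one."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        if pos + 2 + length > len(blob):
            return
        yield eid, blob[pos + 2:pos + 2 + length]
        pos += 2 + length

def parse_suites(body, oui):
    """Return [pairwise cipher names, AKM names] from version + group + two suite lists."""
    if len(body) < 6 or body[:2] != b"\x01\x00":
        raise ValueError("unsupported or truncated security element")
    pos, result = 6, []  # skip version (2 bytes) and group cipher suite (4 bytes)
    for table in (CIPHERS, AKMS):
        if pos + 2 > len(body):
            raise ValueError("truncated suite count")
        (count,) = struct.unpack_from("<H", body, pos)
        suites = body[pos + 2:pos + 2 + 4 * count]
        if len(suites) != 4 * count:
            raise ValueError("truncated suite list")
        result.append({table.get(suites[i + 3], "unknown")
                       for i in range(0, len(suites), 4) if suites[i:i + 3] == oui})
        pos += 2 + 4 * count
    return result

def classify(privacy_bit, elements):
    """Map one beacon to (scheme, sorted pairwise ciphers) using the article's four types."""
    rsn = wpa = None
    for eid, body in iter_elements(elements):
        if eid == 48:                                       # RSN element (WPA2)
            rsn = parse_suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # vendor-specific WPA element
            wpa = parse_suites(body[4:], WPA_OUI)
    if rsn:
        scheme = "WPA2 Enterprise" if "802.1X" in rsn[1] else "WPA2"
        return scheme, sorted(rsn[0])
    if wpa:
        return "WPA", sorted(wpa[0])
    return ("WEP" if privacy_bit else "Open"), []

# Constructed beacon element bytes (not captured traffic): RSN with CCMP + PSK.
SAMPLE_RSN_PSK = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
```

A result of `WEP`, `WPA`, or any cipher list containing `TKIP` marks an access point that still relies on the weaker schemes described above.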