Wi-Fi networks are inherently insecure as compared to wired networks because of their broadcasting nature. Therefore the data over the network should be protected using encryption. As a measure towards enhancing the security, Wi-Fi routers are configured to encrypt incoming and outgoing data. Let’s have a look at encryption protocols for the same.
Wired Equivalent Privacy (WEP)
This protocol was introduced using original 802.11 standards. The main focus of this protocol; as the name suggests; is to provide security which is equivalent to wired networks. It uses 40 or 104or 128-bit encryption key. However, this algorithm has significant weaknesses and it is very easy to hack networks using this encryption. It was deprecated by Wi-Fi alliance yet it is available in many routers as one of the encryption option.
Wi-Fi Protected Access (WPA)
This uses partial implementation of 802.11i standards and it superseded WEP. It uses Pre-Shared Key (PSK) and Temporal Key Integrity Protocol (TKIP). TKIP generates a 128-bit key for each packet on the network making it more robust than WEP. Also, because of PSK, a security password needs to be entered on access point and it does not change.
Wi-Fi Protected Access version 2 (WPA2)
This is based on complete implementation of 802.11i standard and is more secure than its earlier version i.e. WPA. It uses Advanced Encryption Standard (AES) and it is used most widely currently. It has 2 flavors.
WPA2-PSK (Pre-Shared Key)
It is used for home usage or very small businesses. It uses 256-bit encryption key and authenticates every device using this key. Every user needs to enter a security password which is stored locally. As the password is stored locally and is generally known to the user, this type of encryption is not suitable for enterprise level networks.
In this type, a new encryption key is generated every time user logs on to the network using his network credential and the security password. This key is not stored locally and hence this protocol is more secured and widely used in enterprises. It also requires RADIUS (Remote Access Dial In User Service) which provides centralized authentication and authorization management for the users logging on to the network. RADIUS conforms to 802.1x standard.