Wi-Fi Security Protocols: WEP, WPA2, WPA3
Trace the evolution from the broken WEP standard through WPA2-PSK and Enterprise to the SAE handshake introduced in WPA3.
Why Wireless Security Is Unique
Wireless networks broadcast signals through the air, crossing physical boundaries that wired networks respect. Anyone within range of a Wi-Fi signal can attempt to connect or capture traffic without physically accessing a building. This makes wireless inherently more exposed than wired networks. Security protocols — WEP, WPA, WPA2, and WPA3 — were developed progressively to address weaknesses found in their predecessors. Understanding this evolution is critical for the Security+ exam and for auditing real-world wireless environments.
WEP: The Broken Standard
WEP (Wired Equivalent Privacy) was the original 802.11 security standard introduced in 1997. It used a 40-bit (later 104-bit) key with the RC4 stream cipher and a 24-bit Initialization Vector (IV). The IV was far too small — with only 16 million possible values, IVs repeat rapidly on busy networks. Attackers could collect enough frames with repeated IVs to recover the secret key using statistical analysis. Tools like Aircrack-ng can crack WEP in minutes by capturing as few as 50,000 packets. WEP is completely broken and must never be used.
# WEP weaknesses:
# - 24-bit IV too small (reuses within hours)
# - RC4 key scheduling vulnerability
# - No MIC (message integrity check) — bit-flipping possible
# - No replay protection
#
# Cracking WEP with aircrack-ng:
# airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0
# aircrack-ng capture-01.capAll lessons in this course
- Wi-Fi Security Protocols: WEP, WPA2, WPA3
- Wireless Attacks: Evil Twin, Deauth, and Rogue AP
- Enterprise Wireless: 802.1X and RADIUS
- Bluetooth and IoT Wireless Threats