The early wireless local area network (WLAN) security methods were not very robust. Wired equivalent privacy (WEP) devices have particularly been prone to hacking.
As a result, the Wi-Fi Alliance, which represents most suppliers of wireless hardware, has produced better security protocols called Wi-Fi protected access and its successor, WPA2.
What is Wi-Fi protected access (WPA)?
WPA and WPA2 use different methods of encryption that are stronger and better designed than WEP. You can select products that use WPA and WPA2 by looking for 'Wi-Fi WPA' in their specifications. Products that comply with WPA will work together - a critically important requirement.
Both WPA and WPA2 can operate in two modes:
- Personal mode - uses a pre-shared password or pass phrase for authentication. This simple approach makes sure a computer can only get access to the WLAN if the password matches the access point's password.
- Enterprise mode - uses a more sophisticated method of encryption better suited to larger organisations that need stronger protection.
Which standards to use with WPA2?
The Institute of Electrical and Electronic Engineers (IEEE) standard 802.11i is based on an existing approach used for wired networks called 802.1X.
This approach allows devices that are connecting to a network to be authenticated. It prohibits access to the network until such devices pass authentication, and uses other modern techniques such as:
- temporal key integrity protocol
- counter-mode/CBC-MAC protocol
This may become more important to your business as emerging technologies are likely to be 802.11i compatible. WPA2 is partly based on standard 802.11i.
For practical purposes, a small business should currently select 802.11n or 802.11.ac and WPA2-based devices, with 802.11i being a useful additional feature for the future. See more on WLAN standards.
Keep in mind that wireless hardware manufacturers often supply their products with the security settings turned off. Make sure that you set the device up properly before using it. See 10 tips for better WLAN security.