Wireless Network Security – Only with an S

Phil Morgan • January 3, 2017

Wireless Network Security – it’s a huge concern

I want to address some important concerns about wireless network security that a lot of people don’t immediately understand:

  • if you configure your wireless network with “no security” or “open authentication only” running, you basically have no security at all
  • if you don’t configure PSK or 802.1X/EAP/RADIUS, you are basically sending all your traffic unencrypted
  • if you don’t run the 4-way handshake, you have no encryption

I usually demonstrate these issues in my CWSP, CEH, and wireless hacking/pentesting classes. I emphasize and demonstrate that anything you transmit that is not encrypted is completely visible to anyone. A hacker can capture it, and see it, without any effort.

Usually capturing traffic, and showing students how easy it is to get the HTTP/FTP username and password, is enough to make the students sit upright. However, when I then view an entire Telnet session, or replay an audio call, everyone’s attention is guaranteed.

There is no magic involved. If data is sent, unencrypted, over the wireless airwaves, anyone can hear it. So, if you are at a coffee shop, at a stadium or airport, or on a guest network, with no PSK or 802.1X/EAP/RADIUS, you have a problem.

We need to fix this: you need to be enjoying your coffee at the coffee shop, or watching the game at a sports bar, without worrying about who is spying on you.

Only with an ‘S’ – how to overcome free wireless network security issues (and thus enjoy that coffee)

Well, there is a solution to this problem, of course: “Only with an S”.

What I mean is, on an open network, you only EVER use protocols with an ‘S’ in them:

[Image: don’t use HTTP, instead use HTTPS]

There are, of course, exceptions to the rule. Don’t be fooled by SMTP; instead use SMTP with TLS (watch out here – SMTP by default, without TLS, is *open*).

I have an additional rule, referring to SNMP, to add here: if the thing in question has a number available, use the biggest number. So, use SNMPv3, not SNMPv1, or SNMPv2.

Of course, the ultimate security precaution is to always use VPNs. (The ultimate solution to the free wireless security problem, and it has an ‘S’!) If you always use a VPN whenever you are on a public network, even when you are on a network outside the office, all your traffic will be encrypted as it crosses from your device to the other end of the VPN tunnel.

Watch out here: some configurations allow split-tunneling, which lets you configure some traffic to go down the VPN path while other traffic (usually email or web traffic) jumps off and is sent out locally. This may be convenient, but it can defeat the safety of a VPN. If you are using this feature, make sure you are using secure protocols for the locally “split” traffic.
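To make the split-tunnel caveat concrete, here is an added example (not from the original post) that checks which connections leave outside the VPN and whether they use one of the cleartext protocols named above. The interface names `tun0` and `wlan0`, the routes and the addresses are constructed assumptions.

```python
import ipaddress

# Well-known ports of cleartext protocols the article names. Ports 25 and 161
# are only "verify" because SMTP with STARTTLS and SNMPv3 reuse the same port,
# so the port number alone cannot tell the safe variant from the open one.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}
VERIFY_PORTS = {25: "SMTP (confirm TLS is on)", 161: "SNMP (confirm v3)"}

def egress_interface(dst, routes):
    """Longest-prefix match of dst against (cidr, interface) routes."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def audit_flows(flows, routes, vpn_iface):
    """Return (dst, port, verdict) for every risky flow that bypasses the tunnel."""
    findings = []
    for dst, port in flows:
        if egress_interface(dst, routes) == vpn_iface:
            continue  # encrypted by the tunnel regardless of protocol
        if port in CLEARTEXT_PORTS:
            findings.append((dst, port, "cleartext " + CLEARTEXT_PORTS[port]))
        elif port in VERIFY_PORTS:
            findings.append((dst, port, "verify " + VERIFY_PORTS[port]))
    return findings

# Constructed sample: the split tunnel sends only 10.0.0.0/8 down the VPN
# (tun0); everything else leaves over the open Wi-Fi interface (wlan0).
ROUTES = [("0.0.0.0/0", "wlan0"), ("10.0.0.0/8", "tun0")]
FLOWS = [
    ("10.1.2.3", 23),       # Telnet to an office host, inside the tunnel
    ("203.0.113.10", 443),  # HTTPS over the local path
    ("203.0.113.20", 80),   # HTTP over the local path
    ("198.51.100.5", 25),   # SMTP over the local path
]

if __name__ == "__main__":
    for finding in audit_flows(FLOWS, ROUTES, "tun0"):
        print(finding)
```

The Telnet session is not reported because the tunnel carries it; the HTTP and SMTP flows are, because they take the local “split” path over the open network.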

That’s it. Happy New Year to everyone, and we’ll see you next time!

So here is my wireless network security summary:

  1. Only use protocols with an ‘S’
  2. If they have an ‘S’ and have a TLS option, turn it on
  3. If they have a number, use the biggest one
  4. Use a VPN when you’re out of the office

Safe web browsing and, remember, enjoy that coffee! 😊

 
