Wireless Network Security – Only with an S

Phil Morgan • January 3, 2017

Wireless Network Security – it’s a huge concern

I want to address important concerns about wireless network security, that a lot people don’t immediately understand about wireless:

  • if you configure your wireless network with “no security” or “open authentication only” running, you basically have no security at all
  • if you don’t configure PSK or 802.1X/EAP/RADIUS, you are basically sending all your traffic unencrypted
  • if you don’t run the 4-way handshake, you have no encryption

I usually demonstrate these issues on my CWSP, CEH, and wireless hacking/ pentesting classes. I emphasize and demonstrate that anything you transmit, which is not encrypted, is completely visible to anyone. A hacker can capture it, and see it, without any effort.

Usually capturing traffic, and showing students how easy it is to get the HTTP/FTP username and password, is enough to make the students sit upright. However, when I then view an entire Telnet session, or replay an audio call, everyone’s attention is guaranteed.

There is no magic involved. If data is sent, unencrypted, over the wireless airwaves, anyone can hear it. So, if you are at a coffee shop, at a stadium or airport, or on a guest network, with no PSK or 802.1X/EAP/RADIUS, you have a problem.

We need to fix this, you need to be enjoying your coffee at the coffee shop, or watching the game at a sports bar, without worrying about who is spying on you.

Only with an ‘S’ – how to overcome free wireless network security issues (and thus enjoy that coffee)

Well there is a solution to this problem, of course, “Only with an S”

What I mean is, on an open network, you only EVER use protocols with an ‘S’ in them:

Wireless Network security - A screenshot of a text that says do n't use http instead use https

There are, of course, exceptions to the rule, don’t be fooled by SMTP, instead use SMTP with TLS (watch out here – SMTP by default without TLS, is *open*).

I have an additional rule, referring to SNMP, to add here: if the thing in question has a number available, use the biggest number. So, use SNMPv3, not SNMPv1, or SNMPv2.

Of course, the ultimate security precaution is to always use VPNs. (The ultimate solution to the free wireless security problem, and it has an ‘S’!) If you always use a VPN whenever you are on a public network, even when you are on a network outside the office, all your traffic will be encrypted as it crosses from your device to the other end of the VPN tunnel.

Watch out here, some configurations allow you to use split-tunneling which allows you to configure some traffic to go down the VPN path, but other traffic (usually email or web traffic) to jump off and be sent out locally – this, of course, may be convenient but can defeat the safety of a VPN. If you are using this feature, make sure you are using secure protocols, for the locally “split” traffic.

That’s it. Happy New Year to everyone, and we’ll see you next time!

So here is my wireless network security summary:

  1. Only use protocols with an ‘S’
  2. If they have an ‘S’ and have a TLS option, turn it on
  3. If they have a number, use the biggest one
  4. Use a VPN when you’re out of the office

Safe web browsing and, remember, enjoy that coffee!

 

If you are looking to make your mark in the IT Industry, then NC-Expert offers excellent training courses aimed at relevant IT industry certifications – contact us today to get started.

NC-Expert Blog

The Importance of Using a VPN

By Rie Vainstein March 31, 2025
A Digital Shield for Your Online Adventures As tech professionals, we often spend a good chunk of our lives navigating the digital realm. Whether you’re troubleshooting a network, coding a new app, or just binge-watching the latest series, one thing is clear: your connection to the internet is a double-edged sword. It’s both incredibly convenient and, if not properly secured, a potential vulnerability. Enter the VPN (Virtual Private Network) our trusty, digital bodyguard. If you’re not already using one, or if you’re not entirely sure why you should, let’s walk through some of the reasons why a VPN is essential for anyone working in IT and, frankly, for anyone who uses the internet. What Is a VPN? In simple terms, a VPN creates a secure, encrypted tunnel between your device and the internet. It allows your data to travel securely, masking your IP address, and ensuring that no one (be it hackers or nosy advertisers) can track or intercept your online activity. Think of it as your personal “cloak of invisibility” in the digital world! 

Troubleshooting Wireless Networks with Ekahau

By Phil Morgan March 13, 2025
Troubleshooting Wireless Networks with Ekahau: A Professional Engineer’s Guide Wireless networks have become the backbone of modern business infrastructure. From office environments to large-scale enterprises, ensuring a seamless wireless experience is essential for productivity. However, despite advancements in Wi-Fi technology, network performance issues often arise, ranging from signal interference and dead zones to capacity overloads and channel mismanagement. To tackle these issues efficiently, professional engineers rely on powerful tools. One such tool, Ekahau AI Pro, has become a gold standard in the wireless industry for troubleshooting and optimizing Wi-Fi networks. This blog delves into troubleshooting wireless networks using Ekahau tools, providing practical examples and technical insights to guide professional engineers in improving network performance.

Post-Quantum Cryptography: The Future of Digital Security?

By Rie Vainstein March 3, 2025
Futureproofing Our Security In our increasingly connected world, the security of digital information has never been more critical. From banking transactions to private communications, our data is constantly transmitted and stored across the internet. The current systems that protect this data rely on cryptography, a branch of mathematics that helps keep information secure by encoding it in ways that are difficult to decode without the proper key. However, with the rise of quantum computers, traditional cryptography is facing new and significant threats. This is where Post-Quantum Cryptography comes into play. What is Post-Quantum Cryptography? Post-Quantum Cryptography (PQC) [1] refers to cryptographic algorithms that are specifically designed to be secure against the power of quantum computers. Quantum computers, once they become practical, will be capable of solving complex mathematical problems much faster than classical computers. This will render many of the encryption methods we rely on today [such as RSA (Rivest, Shamir, and Adleman – initials of the inventors) and ECC (Elliptic Curve Cryptography)] vulnerable to attack. Quantum computers operate on quantum bits, or “qubits”, which can exist in multiple states simultaneously, unlike classical bits that are either a zer (0) or one (1). This allows quantum computers to perform certain calculations exponentially faster than classical computers. For example, in a matter of seconds, a quantum computer could potentially break an RSA key, which is considered secure by today’s standards. As quantum computing technology advances, the need for PQC becomes even more urgent.