WPA2,WI-Fi Network Security
WPA2 is the latest security protocol developed by the Wi-Fi Alliance.Personal mode and Enterprise mode deploy encryption method called AES-PEAP/CCMP to encrypt data transmitted over the air.Authentication code in Enterprise mode is different from personal mode.
WPA/WPA2 in Enterprise Mode (WPA2-ENT)
WPA2 Enterprise uses IEEE 802.1X, which offers enterprise-grade authentication. In this setup, there is no shared passphrase. The Enterprise mode of WPA/ WPA2 security enables to assign users a unique username and password to log into the Wi-Fi, if you implement the popular PEAP method.PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.PEAP is designed to provide more secure authentication for 802.11x. Other two popular protocols are TLS (Transport Layer Security) and TTLS (Tunneled TLS) .EAP protocol is used with a RADIUS (remote authentication dial-in user service) server and is called WPA2 radius. .it authenticates every user individually. The encryption keys for the network aren’t saved on computers or devices. Users never deal with the actual encryption keys. They are securely created and assigned per user session in the background after a user presents their login credentials. This prevents people from recovering the network key from computers.This technique prevents hackers from performing dictionary-based attacks.
Benefits of WPA2-ENT
1.No shared passwords
2.Enables enhanced security methods
3.VLANs can be dynamically assigned
4.Supports Network Access Protection (NAP)
5.Authentication methods can be extended to the wired network
WPA3 and Suit B
WPA2 has been under attack, hacked too, including the WPA2 KRACK attack. There have been recent developments and Wi-Fi Alliance has addressed this by WAP3, released in June of 2018. Like WPA2, it includes WPA3-Personal and WPA3-Enterprise versions. The Wi-Fi Alliance is in the early stages of developing a certification program known as Suite B for a set of encryption methods focused on encryption, key exchange, and related technologies for securing ultra-sensitive security domains. Suite B will likely be the next level of wireless protection. Till then WPA2-ET is best possible Wi-Fi security option.