Following the disclosure of the KRACK vulnerability, WPA3 was developed to prevent "session replay" attacks. Aruba's Jeff Lipton explains the importance of WPA3 to Wi-Fi 6.
Jeff Lipton: Let's talk a little bit about the security for Wi-Fi networks. I think some people will tell you that Wi-Fi networks are not as secure as 5G networks. Generally, that's not true. What that refers to are networks that are set up improperly. For example, a coffee shop network where there's no password protection. Of course, that's not going to be secure.
So let's take WPA3 off the table for a minute. If you talk about WPA2-Enterprise, if it's set up properly, it's a very secure network. What WPA3 gives you is better encryption, better authentication, and it also gives you OWE, which is a way to encrypt a conversation on non-protected communications, non-password protected communications. I think WPA2 was a huge success, but that was done several years ago. Security threats have evolved, networks have evolved, and we have to evolve as well to address those threats. That's what WPA3 does.
SEE: Vendor risk management: A guide for IT leaders (free PDF) (TechRepublic)
Interestingly, if you compare WPA3 security with LTE and 5G security, it's generally a little bit ahead as far as authentication, encryption, and things like that. I'd say that security for both is good, but the security for WPA3 is marginally better.
James Sanders: Do you think that there's going to be more of a need for—say yearly or quarterly updates to the way that devices connect to Wi-Fi networks, in order to address security issues in the way that Android phones are patched or Windows is patched?
Jeff Lipton: Yeah, so that remains to be seen. Right now it's my understanding that WPA3 is very solid, and if it's deployed, with WPA3 for the enterprise, it represents the state of the art in security right now. I think as security threats evolve, we have to evolve our responses to them and be even proactive about it. We'll have to do that. It's also interesting to mention that when you talk about LTE and 5G security, there are certainly stingray attacks, and there have been a lot of highly publicized breaches and attacks there too. Nothing is completely secure, but we're very confident and happy with the security levels provided by WPA3 now.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- 10 dangerous app vulnerabilities to watch out for (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)