WiFi security in 2018

Question

On my wireless network I have implemented WPA2 protocol with AES encryption. Last year there was several warnings that WPA2 is broken, hacked. Now there are announcements that WPA3 is comming in 2018. But until it comes, and everyone accepts it (wifi devices and clients) it may pass much more time. My wifi equipment has the possibility for RADIUS authentication. Should I implement it now, while waiting WPA3, or maybe RADIUS authentication could be permanently safe solution?

If you're talking about the KRACK attack, that is mitigated through updates. — Luc, Mar 17 '18 at 12:29

YLearn · Accepted Answer · 2018-03-17T18:37:21.957

You bring up a number of topics, but in the end only really ask one question. Let me address some of the topics mentioned briefly by referencing some of my other answers here.

Last year there was several warnings that WPA2 is broken, hacked

This would specifically be referencing KRACK. While this was a major security find, the real world implications of this vulnerability are limited. See my answer here for more on my reasoning that KRACK isn't really a major concern.

Now there are announcements that WPA3 is comming in 2018

I go through a number of details regarding WPA3 in my answer here. Feel free to check it for more information. The key point I keep making to people though is that while WPA3 is proposed by the the WiFi Alliance, to my current knowledge it is not in any way related to a current 802.11 amendment (which is the actual standard defining wireless networking operation).

My wifi equipment has the possibility for RADIUS authentication. Should I implement it now, while waiting WPA3, or maybe RADIUS authentication could be permanently safe solution?

Now to your question. This is really a question that is begging for opinions as different people will have different reasons to say yes or no to it.

Let me say that this is something you must decide for yourself. 802.1X RADIUS authentications are much more secure than using PSK, however it is still using WPA2, so that doesn't change.

Keep in mind that security and usability are often at odds with each other. Adding the additional security of 802.1X authentication to your wireless environment will make it more secure. But you will have additional complexity in configuring your clients properly to take advantage of the extra security. Additionally, many consumer devices (game systems, media players, etc) do not support 802.1X wireless authentications.

In the end, you must decide for your environment if the extra effort/complexity is worth the extra security. For some it will be, for others it won't.

score 1 · Answer 2 · answered Mar 17 '18 at 12:53

1

KRACK was just temporary. KRACK has been patched on most devices, and should not affect you. RADIUS is of course more secure against the keys being cracked, but WPA2 is still very secure.

answered Mar 17 '18 at 12:53

huw

19
3

If patched on *most* devices, then it is not "temporary" - how can you say that the OP should not be affected? – schroeder Mar 18 '18 at 00:00
@schroeder Unless OP is running some highly obscure operating system, it's already been patched. Also , RADIUS was also affected. – huw Mar 21 '18 at 09:29
@huw, are you saying that RADIUS was affected by KRACK? RADIUS itself was unaffected by KRACK and the RADIUS authentication is not vulnerable to KRACK. However the use of RADIUS and 802.1X does not mitigate KRACK as KRACK is an attack on the WPA2 handshake which is used by both PSK or a 802.1X authentication. – YLearn Mar 31 '18 at 06:25

WiFi security in 2018

2 Answers2