Investigating Wi-Fi Protected Access (WPA)

In reaction to the problems that researchers discovered about the WEP encryption protocol, the Wi-Fi Alliance began work on the next generation wireless encryption standard. Called Wireless Protected Access (WPA), this standard corrects many of the problems associated with WEP and actually provides a degree of protection to wireless networks.

The Wi-Fi Alliance based WPA on an early, unpublished subset of the IEEE 802.11i security standard. Since then, the IEEE has published the final version of the 802.11i standard, and subsequent versions of WPA will incorporate more of 802.11i’s features.

Most new Wi-Fi gear supports WPA rather than WEP encryption. Some older devices are upgradeable to WPA simply by downloading a firmware update from the manufacturer. If WPA is available as an option on your Wi-Fi device, use it. It’s far more secure than WEP and will go a long way toward securing your home WLAN.

That said, WPA isn’t invulnerable to attack. To protect access points from attack, WPA authenticates users. If WPA detects two packets of unauthorized data within a one-second period, it assumes that it’s under attack and shuts down. Although this feature is meant to thwart an attack, it’s easily exploitable as a means to a denial-of- service (DoS) attack.

All an attacker has to do is send two bad packets every minute, and the access point will continue to shut down and reboot (see Figure 10-10). In fact, there are already attack tools available on the Web that automate this and make it easy to launch a WPA DoS attack.