๐ก
Wireless Security Cheat Sheet
WEP, WPA, WPA2, WPA3, and 802.1X authentication
| Type | Year | Encryption | Auth Method | Security | Notes |
|---|---|---|---|---|---|
| WEP | 1997 | RC4 (40/104-bit) | Open/Shared Key | Insecure | Cracked in minutes, never use |
| WPA | 2003 | TKIP (RC4) | PSK/Enterprise | Weak | Temporary fix for WEP, vulnerable |
| WPA2-Personal | 2004 | AES-CCMP | PSK (Pre-Shared Key) | Good | Most common, use strong password |
| WPA2-Enterprise | 2004 | AES-CCMP | 802.1X/RADIUS | Better | Individual user credentials |
| WPA3-Personal | 2018 | AES-GCMP-256 | SAE (Dragonfly) | Excellent | Forward secrecy, resistant to offline attacks |
| WPA3-Enterprise | 2018 | AES-GCMP-256 | 802.1X + 192-bit | Excellent | CNSA Suite, government-grade |
| Open (Enhanced) | 2018 | OWE | None (encrypted) | Good | Encrypted open networks |
| WPS | 2006 | Varies | PIN/Push button | Insecure | Brute-force PIN attack, disable this |
| 802.1X | 2001 | Varies | EAP methods | Excellent | Port-based access control |
| EAP-TLS | 2000 | TLS | Mutual certificates | Excellent | Most secure EAP, requires PKI |
| PEAP | 2002 | TLS tunnel | MSCHAPv2/GTC | Good | TLS tunnel + inner auth |
| EAP-TTLS | 2001 | TLS tunnel | Various inner | Good | Flexible inner authentication |
| MAC Filtering | N/A | None | MAC whitelist | Poor | Easily spoofed, not security |
| Captive Portal | N/A | None/TLS | Web login | Varies | Guest networks, hotels |
โ Never Use
WEP - Cracked in minutes.
WPA (TKIP) - Vulnerable.
WPS PIN - Brute-forceable.
โ Recommended
WPA3 - Best security, SAE handshake.
WPA2-Enterprise - Per-user creds, RADIUS.
EAP-TLS - Certificate-based, strongest.