Module 7 — Wi-Fi Security — Attacks & Defenses

Wi-Fi is convenient—but convenience often lowers security. This module explains wireless authentication and encryption, common wireless attacks (Evil Twin, rogue APs, password attacks), and how defenders detect and harden networks. Labs are tightly controlled and performed only on instructor-managed or student-owned test setups.

💡 Learning Objectives

By the end of this module you will:

  • Explain Wi-Fi authentication and encryption differences (WEP, WPA2, WPA3).

  • Understand common wireless attack techniques conceptually.

  • Recognize detection signals for rogue APs and Evil Twin attacks.

  • Harden home and small-office Wi-Fi devices.

  • Perform a controlled lab demonstrating password strength effects and router remediation.

1. Wi-Fi Basics — How Wireless Security Works

Wireless communication uses radio waves; unlike wired traffic, it can be intercepted without physical access. Wi-Fi security aims to:

  • Authenticate clients to networks.

  • Encrypt frames to protect confidentiality.

  • Ensure data integrity.

Common Terms

  • SSID: Network name (public identifier).

  • BSSID: The MAC address of the access point.

  • WPA2/WPA3: Wi-Fi security standards using modern encryption.

  • WPS: Wi-Fi Protected Setup, a push-button/PIN convenience feature (often insecure).

  • Enterprise vs Personal: 802.1X (enterprise) vs pre-shared key (PSK) for homes.

2. WPA2 vs WPA3 (Practical Differences)

Feature                     | WPA2 (PSK)                           | WPA3 (SAE / Enterprise)
----------------------------|--------------------------------------|----------------------------------------------
Handshake                   | PSK (vulnerable to offline cracking) | SAE — resilient to offline dictionary attacks
Individualized Encryption   | No                                   | Yes (protects against shared-key exposure)
Forward Secrecy             | Limited                              | Improved
Management Frame Protection | Optional                             | Stronger support
Recommendation              | Use only if WPA3 not available       | Preferred where hardware supports it

Action: Upgrade routers and clients to WPA3 where possible. If unsupported, use WPA2-AES (not TKIP) and strong passphrases.

3. Common Wi-Fi Attacks (Conceptual)

Evil Twin / Rogue AP

  • Attacker sets up an AP mimicking a legitimate SSID to trick users into connecting. Once connected, the attacker can intercept traffic (MITM), capture credentials, or serve malicious content.

Rogue Client

  • Unauthorized client connecting to your network or offering services that appear legitimate.

Password Attacks

  • Offline dictionary/brute-force attacks on captured handshakes (WPA2).

  • WPS PIN attacks exploiting weak 8-digit setup PINs.

Deauthentication / Disassociation

  • Attacker sends spoofed management frames to disconnect clients — used to force reconnection to a malicious AP.

Eavesdropping & Sniffing

  • Capturing unencrypted traffic (HTTP, old protocols) to read content.

4. Detection & Monitoring

Indicators of compromise or attacks

  • Multiple devices drop simultaneously (possible deauth attack).

  • New SSID appears with the same or similar name and stronger signal.

  • Unexpected DNS redirects or captive portals.

  • Suspicious DHCP leases on the network.

Detection Tools (lab/demo)

  • Kismet, Acrylic Wi-Fi, Aircrack-ng’s airodump-ng (monitoring only in controlled lab).

  • Router logs and DHCP tables.

  • SIEM/IDS rules for wireless event logs in enterprise setups.

Note: Instructors should demonstrate detection tools only on controlled lab equipment or test ranges.
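To make the indicators above concrete, here is an added example (not part of the module) that encodes two of them as checks a defender could run over exported scan data and AP logs: an SSID we own being advertised by a BSSID that is not in our inventory (Evil Twin signal), and several clients dropping within a few seconds of each other (deauth signal). The scan fields, the inventory set and the hostapd-style log lines are all constructed for the example; adapt the two small parsers to whatever your monitoring tool exports.

```python
"""Added example (not part of the module): two Evil Twin / deauth detection checks
run over constructed sample data. Field names and log format are assumptions modelled
on a typical scan table and a hostapd-style AP log; adapt the parsers to your tooling."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed scan snapshot: what a read-only monitor (e.g. a Kismet/airodump-ng export)
# might report. Signal is in dBm (closer to 0 = stronger).
SCAN = [
    {"ssid": "CampusWiFi", "bssid": "AA:BB:CC:11:22:33", "channel": 6,  "signal": -60},
    {"ssid": "CampusWiFi", "bssid": "DE:AD:BE:EF:00:01", "channel": 11, "signal": -35},
    {"ssid": "Guest",      "bssid": "AA:BB:CC:11:22:34", "channel": 6,  "signal": -62},
]

# Constructed inventory of the APs we actually own.
KNOWN_BSSIDS = {"AA:BB:CC:11:22:33", "AA:BB:CC:11:22:34"}


def find_duplicate_ssids(scan, known_bssids):
    """Indicator: an SSID we own is also advertised by a BSSID not in inventory.
    A stronger signal than our own AP is a classic Evil Twin tell."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    alerts = []
    for ssid, aps in by_ssid.items():
        legit = [a for a in aps if a["bssid"] in known_bssids]
        rogue = [a for a in aps if a["bssid"] not in known_bssids]
        if not (legit and rogue):
            continue          # unknown SSIDs, or only our own APs, are not alerts here
        best_legit = max(a["signal"] for a in legit)
        for r in rogue:
            alerts.append({"ssid": ssid, "bssid": r["bssid"], "channel": r["channel"],
                           "stronger_than_legit": r["signal"] > best_legit})
    return alerts


# Constructed AP log lines (hostapd-style wording, timestamps as syslog would add them).
AP_LOG = """\
2024-05-01 10:00:01 wlan0: STA 11:11:11:11:11:01 IEEE 802.11: disassociated
2024-05-01 10:00:01 wlan0: STA 11:11:11:11:11:02 IEEE 802.11: disassociated
2024-05-01 10:00:02 wlan0: STA 11:11:11:11:11:03 IEEE 802.11: disassociated
2024-05-01 10:00:02 wlan0: STA 11:11:11:11:11:04 IEEE 802.11: disassociated
2024-05-01 10:00:09 wlan0: STA 11:11:11:11:11:01 IEEE 802.11: associated
2024-05-01 10:30:00 wlan0: STA 11:11:11:11:11:01 IEEE 802.11: disassociated
"""


def mass_disconnect_windows(log_text, window_s=5, threshold=3):
    """Indicator: >= threshold distinct clients dropping within window_s seconds
    (the "multiple devices drop simultaneously" signal). Returns [(start, n_clients)]."""
    events = []
    for line in log_text.splitlines():
        if not line.endswith(("disassociated", "deauthenticated")):
            continue          # only disconnect events matter for this check
        parts = line.split()
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        events.append((ts, parts[4]))          # parts[4] is the client MAC after "STA"
    events.sort()
    hits, i = [], 0
    while i < len(events):
        start = events[i][0]
        in_window = [e for e in events[i:] if e[0] - start <= timedelta(seconds=window_s)]
        clients = {sta for _, sta in in_window}
        if len(clients) >= threshold:
            hits.append((start, len(clients)))
            i += len(in_window)                # don't re-report the same burst
        else:
            i += 1
    return hits


if __name__ == "__main__":
    for a in find_duplicate_ssids(SCAN, KNOWN_BSSIDS):
        print("possible Evil Twin:", a)
    for start, n in mass_disconnect_windows(AP_LOG):
        print(f"possible deauth attack: {n} clients dropped within 5s starting {start}")
```

On the constructed data the first check reports the unknown BSSID on channel 11 advertising "CampusWiFi" with a stronger signal than the real AP, and the second reports four clients disconnecting within two seconds at 10:00:01; the single disconnect at 10:30 is ignored. Both checks are deliberately simple so that a class can tune the threshold and window and see what normal roaming looks like versus a burst.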

5. Hardening & Remediation Checklist

Router & AP Configuration

  • Change default admin username and password.

  • Disable WPS.

  • Use WPA3-Personal, or WPA2-AES (CCMP) if WPA3 is unavailable.

  • Use a strong passphrase (16+ characters, random or phrase).

  • Hiding the SSID adds only minor obscurity; it is not a security measure.

  • Disable remote management or secure it (restrict by IP or VPN).

  • Keep firmware up to date.

  • Use guest networks for IoT or visitors (network segmentation).

Monitoring & Policies

  • Enable logging and periodically review logs.

  • Set up alerting for new/unrecognized MACs or SSIDs.

  • Schedule firmware checks quarterly.

  • Enforce device onboarding policies (MAC filtering is limited—use 802.1X for true control).
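The checklist above and the "Action" line in section 2 can be turned into an automated review of an AP configuration. The following is an added example (not part of the module) that parses hostapd-style key=value settings and reports the items the checklist cares about: WPA1/TKIP still allowed, no SAE (WPA3-Personal) offered, a short passphrase, management frame protection not required, WPS enabled, and a hidden SSID relied on for security. The two configurations are constructed for the example; the option names (`wpa`, `wpa_key_mgmt`, `rsn_pairwise`, `ieee80211w`, `wps_state`, `sae_password`) are real hostapd keys, but the rule thresholds are the module's, not hostapd's.

```python
"""Added example (not part of the module): audit a hostapd-style AP config against
the module's hardening checklist. The configs below are constructed; the option names
are real hostapd keys, the rules are the module's recommendations."""

# Constructed "before" configuration: WPA2 with legacy options left on.
WEAK_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
wpa_passphrase=sunshine
ieee80211w=0
wps_state=2
"""

# Constructed "after" configuration: WPA3-Personal (SAE), CCMP only, PMF required, WPS off.
HARDENED_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=correct-horse-battery-staple-river
ieee80211w=2
wps_state=0
"""


def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg, min_passphrase_len=16):
    """Return a list of findings; an empty list means the checklist is satisfied."""
    findings = []
    # wpa=1 is WPA1 only, wpa=3 is WPA1+WPA2 mixed mode; both keep TKIP-era clients alive.
    if cfg.get("wpa") != "2":
        findings.append("WPA1 allowed (wpa!=2): set wpa=2 so only RSN/WPA2+ clients connect")
    ciphers = (cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed: use CCMP only (WPA2-AES)")
    if "SAE" not in cfg.get("wpa_key_mgmt", "").split():
        findings.append("No SAE key management: WPA3-Personal not offered; add SAE where hardware supports it")
    # SAE uses sae_password; WPA2-PSK uses wpa_passphrase. Check whichever is set.
    secret = cfg.get("sae_password") or cfg.get("wpa_passphrase", "")
    if len(secret) < min_passphrase_len:
        findings.append(f"Passphrase is {len(secret)} chars: checklist asks for {min_passphrase_len}+")
    # ieee80211w: 0 = disabled, 1 = optional, 2 = required. WPA3 requires 2.
    if cfg.get("ieee80211w", "0") != "2":
        findings.append("Management Frame Protection not required (ieee80211w!=2): deauth frames stay unauthenticated")
    # wps_state: 0 = WPS disabled (also the default when the key is absent).
    if cfg.get("wps_state", "0") != "0":
        findings.append("WPS enabled (wps_state!=0): disable WPS")
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("Hidden SSID: obscurity only, not a security control")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(parse_hostapd(text))
        print(f"{name}: {len(results)} finding(s)")
        for f in results:
            print("  -", f)
```

Run as-is it reports six findings for the weak configuration and none for the hardened one. Consumer routers do not expose hostapd files directly, but the same rules map onto their web UI toggles (security mode, cipher, WPS, PMF), so the function doubles as a checklist for the "Verify" step of the lab.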

6. Practical (Safe) Lab — Controlled Wi-Fi Test Network

Goal: Demonstrate how password strength affects the time to crack (conceptual) and practice hardening steps. All testing is done on an instructor-managed closed network or student-owned router with written consent.

Lab Setup (Instructor)

  • Use a dedicated test router/AP isolated from the production network.

  • Configure AP with a known SSID and a weak passphrase, then with a strong passphrase.

  • Ensure no other users are connected to the test AP.

Exercise Steps

  1. Observe: Use a monitoring tool (read-only mode) to discover the test SSID and confirm BSSID and channel.

  2. Capture: Instructor demonstrates capturing a WPA2 handshake using a controlled client reconnect (no deauth against real users).

  3. Crack Time Simulation: Instead of performing a real crack (which might be misused), show estimated crack times using passphrase entropy calculators and explain how GPU cracking scales.

  4. Harden: Change AP settings to WPA3 or a strong WPA2 passphrase; disable WPS; change admin creds.

  5. Verify: Re-scan and show improved security posture; document the remediation checklist.
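For step 3, an entropy calculator like the one below lets the class compare passphrases without touching a cracking tool. It is an added example, not part of the module: it computes brute-force entropy from length and character classes, word-list entropy for diceware-style phrases, and an expected crack time at an assumed guess rate. The rate of one million guesses per second is an illustrative assumption only (WPA2-PSK key derivation is deliberately slow, and real throughput depends on hardware); the passphrases in the demo run are constructed.

```python
"""Added example (not part of the module): passphrase entropy and estimated crack time
for the lab's "crack time simulation" step. The guess rate is an assumption used for
illustration; real rates depend on hardware and on the attack method."""
import math

ASSUMED_GUESSES_PER_SECOND = 1_000_000   # assumption: order of magnitude for a GPU WPA2-PSK rig


def charset_size(passphrase):
    """Size of the union of character classes present in the passphrase."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33                      # printable ASCII punctuation and space
    return size


def random_string_bits(passphrase):
    """Entropy if every character were chosen uniformly at random: len * log2(charset).
    This is an upper bound; dictionary words and keyboard patterns have far less."""
    if not passphrase:
        return 0.0
    return len(passphrase) * math.log2(charset_size(passphrase))


def word_list_bits(n_words, list_size):
    """Entropy of a passphrase of n_words drawn uniformly from a list_size-word list."""
    return n_words * math.log2(list_size)


def expected_crack_seconds(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Average time to reach the right guess: half the keyspace at `rate` guesses/s."""
    return (2 ** bits) / 2 / rate


def human_time(seconds):
    """Render seconds in the largest convenient unit."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def compare(entries):
    """entries: list of (label, bits). Returns rows with rounded bits and a crack-time string."""
    return [{"label": label, "bits": round(bits, 1),
             "crack_time": human_time(expected_crack_seconds(bits))}
            for label, bits in entries]


if __name__ == "__main__":
    # Constructed demo passphrases. The first row shows why a dictionary word is weak:
    # its effective entropy is the size of the word list, not its length.
    rows = compare([
        ("8-char lowercase word, if it is in a 100k-word list", math.log2(100_000)),
        ("8-char lowercase, truly random", random_string_bits("sunshine")),
        ("4 random words from a 7776-word list", word_list_bits(4, 7776)),
        ("16 random chars, all classes", random_string_bits("Qx7!pL2#vR9@kM4$")),
    ])
    for r in rows:
        print(f"{r['bits']:>6} bits  {r['crack_time']:>22}  {r['label']}")
```

The point to draw out in class is the jump between the rows: a word from a list is gone in a fraction of a second, eight random lowercase characters are a matter of hours at the assumed rate, and both the four-word phrase and the sixteen-character string are out of reach even if the guess rate were raised by several orders of magnitude, which is the "GPU cracking scales" discussion in step 3. Doubling the rate only removes one bit.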

Deliverable: Router remediation checklist + short report comparing weak vs strong passphrases and why WPA3 improves security.

Safety Rules

  • NEVER capture or attack networks you do not own or have explicit permission for.

  • Use instructor-managed instrumentation and consented devices only.

7. Ethics & Legal Considerations

Wireless testing without consent is illegal and can disrupt services for others. Always:

  • Obtain written permission before any active testing (penetration, deauth, handshake capture).

  • Use controlled lab ranges or isolated hardware for demos.

  • Respect privacy and do not collect any personal traffic or credentials.

Relevant laws and local regulations vary — check local statutes (e.g., IT Act in India) before performing tests.

💡 Quick Tips Box

💡 Use passphrases of 16+ characters for Wi-Fi—longer beats complexity.
⚙️ Disable WPS and remote admin on consumer routers.
🔍 Monitor for duplicate SSIDs and unexpected captive portals.
📘 Keep a secure copy of your router config so you can restore after tests.

8. Summary & Takeaways

Wi-Fi security is a balance of strong configuration, monitoring, and cautious user behavior.

✅ Key takeaways:

  • Prefer WPA3 where possible; otherwise use WPA2-AES + long passphrases.

  • Rogue APs and Evil Twins rely on user trust—educate users to verify networks.

  • Detection and monitoring provide early warnings—log and review regularly.

  • Always perform wireless testing only with consent in controlled environments.

🧱 Next Up: Module 8 — Windows Security — Vulnerabilities & Defenses →
