WPA3: Deploying WPA3 – What You Need to Know
As market adoption of WPA3 grows, it will eventually become the mandatory security certification for all Wi-Fi CERTIFIED devices. The Wi-Fi CERTIFIED WPA3™ program has been available for certifications since June of 2018, and will likely become mandatory in the next year or so.
While it will take a while for WPA3 to fully roll out, the important thing to know is the transition process began in 2018. This means safer, more secure Wi-Fi networks in the future. But still, what can you do in the meantime to prepare?
We have a few tips you should implement and have ready in the next 12 months:
- Make sure your current network is up to date with all WPA2 updates, which address authentication, encryption, and configuration issues, and that it is patched against the KRACK attack.
- As I said before, the changes being implemented refine the set of acceptable Wi-Fi CERTIFIED device configurations using Protected Management Frames (PMF), so that devices have the highest possible security. What does this mean for you? Make sure PMF is being used on your network. Remember: PMF is required in WPA3.
- Next, ask your current vendor to ensure their Wi-Fi CERTIFIED devices follow best practices for the security protocol and for closely related network protocols. This enhancement is designed to reduce potential vulnerabilities due to misconfiguration of networks or devices.
- Take a deeper look to make sure the components of your network (such as encryption, key establishment, and digital signatures) are working together to deliver security at a strength consistent with the configured security level, which should be at the 128-bit level.
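One way to check the PMF tip above is to read the RSN element your access points advertise in beacons and decode the PMF bits and key-management suites. The sketch below is an added example, not vendor or Wi-Fi Alliance code; the sample elements are constructed, and the `assess` policy and its wording are assumptions made for illustration.

```python
import struct

# Constructed sample RSN elements (element ID 48), as carried in beacons.
SAMPLES = {
    "wpa2-no-pmf": "30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000",
    "wpa3-transition": "30 18 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000",
    "wpa3-only": "30 14 0100 000fac04 0100 000fac04 0100 000fac08 c000",
}
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE"}  # types under OUI 00-0F-AC
MFPR, MFPC = 0x0040, 0x0080  # RSN Capabilities bits: PMF required / PMF capable

def parse_rsn(ie: bytes) -> dict:
    """Return the AKM list and PMF flags; expects fields through RSN Capabilities."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        off += n
        return body[off - n:off]

    def u16() -> int:
        return struct.unpack("<H", take(2))[0]

    if u16() != 1:
        raise ValueError("unsupported RSN version")
    take(4)          # group data cipher suite
    take(4 * u16())  # pairwise cipher suite list
    akms = []
    for _ in range(u16()):
        s = take(4)
        akms.append(AKM.get(s[3], f"type-{s[3]}") if s[:3] == b"\x00\x0f\xac" else s.hex())
    caps = u16()
    return {"akms": akms, "pmf_capable": bool(caps & MFPC), "pmf_required": bool(caps & MFPR)}

def assess(info: dict) -> str:
    """Hypothetical policy: flag networks that do not advertise PMF."""
    if not info["pmf_capable"]:
        return "FAIL: SAE without PMF" if "SAE" in info["akms"] else "WARN: PMF disabled"
    return "OK: PMF required" if info["pmf_required"] else "OK: PMF optional"

if __name__ == "__main__":
    for name, hexstr in SAMPLES.items():
        print(name, assess(parse_rsn(bytes.fromhex(hexstr))))
```
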
The next thing you can do is determine whether your current network is compatible with the new standard. Check with your current vendor to see just how “future-proof” your current network is. This not only means paying attention to compatibility with WPA3, but also with Wi-Fi 6.
Another nice option is a network that has the ability to receive the latest WPA3 functionality when available via a seamless update from a cloud management system. You should be able to push an update, rather than rip and replace entirely with a new network. Ask your vendor if they offer WPA3 capabilities through a software update.
Finally, don’t lower your guard while waiting for WPA3 to be certified. Continue to enforce strong, complex, and lengthy passwords for end-user security and make sure other compensating controls, such as network segmentation, are configured correctly.
Next time, we will discuss building a security culture within your organization. A lot of people think IT security is something for only the CIO to worry about. But IT security is something that everyone must be concerned about. We will also dive into secure onboarding for guest, BYOD, and corporate devices.