It’s no secret that pre-shared keys are insecure, especially compared to digital certificates.
However, with many services being moved to the cloud, fewer and fewer resources are being stored in-network. Shared files aren’t stored on an intranet these days, they’re in the cloud. New software runs on cloud-based servers, not on dusty racks in a basem*nt server room. Even if you’re still using the Microsoft Office Suite, chances are you’re storing the files in Google Drive or Office 365.
Practically nothing is stored on your business’ network. What’s the big deal if a hacker manages to compromise your PSK and gain access? All of the juicy stuff is still behind another layer of protection in the cloud.
It’s true that those resources are better protected, but even if the hacker only manages to breach your network they can inflict a lot of harm in a short amount of time.
Vulnerabilities of a Network Secured with PSKs
A PSK network is vulnerable to a wide variety of attacks including:
- Over-the-Air (OTA) attacks, especially Man-In-The-Middle attacks
- Brute force attacks using free security tools like Aircrack-ng
- Simple dictionary attacks
- Many types of Layer 2 attacks
- VPN+Firewall on PSK creates more attack vectors
- Password theft/loss
- Phishing attacks
Part of the reason PSK is so dangerous to use as the first line of defense is that, if an attacker manages to breach your perimeter by any means, they can simply navigate to a connected Windows device’s wireless settings and view the pre-shared key in plain text.
Of course, the lack of intrinsic cryptographical security is only one of PSK’s flaws. The human-related vulnerabilities are just as numerous, and probably more intuitive. Any disgruntled employee could give away the PSK, but even content employees are risks since stealing a previously connected laptop or smartphone will do the trick too. Phishing attempts that result in compromised machines are another common human vector of attack.
Cybersecurity expert Bert Kashyap says “Ultimately, WPA-PSK, WPA2-PSK, and pre-shared key approaches in general, have offered weak encryption and inevitable initialization issues.”
Layer 2 Attacks
Layer 2 of the OSI model is the “Data Link Layer”, the layer that transfers data between adjacent nodes on a wide area network. It’s a foundational layer that establishes the protocols and procedures that computers use to communicate.
It’s not typically the first route a hacker would choose to compromise a system due to the limited influence of the layer, and so layer 2 protection is often not prioritized. There are a number of attacks that occur there, however:
- Address Resolution Protocol (ARP) Attacks
- Content Addressable Memory (CAM) Table Overflows
- Spanning Tree Protocol (STP) Attacks
- Media Access Control (MAC) Spoofing
- Switch Spoofing
- Double Tagging
- Cisco Discovery Protocol (CDP) Reconnaissance
- Dynamic Host Configuration Protocol (DHCP) Spoofing
In fact, it’s possible to discover the IP address subnet of a network simply by examining the DHCP to see what IPs are assigned to it. A malicious actor can statically configure a duplicate IP of key devices like routers or printers and gain access to the network that way.
It’s unlikely or impossible that a hacker could access your files or resources with these techniques, but that’s hardly the only damage they can cause. Even simply taking down the network is enough to cause havoc in an office, and lacking internet access for days or weeks can be even more costly than a breach.
Man-in-the-Middle Attacks (MITM)
We have gone in-depth before about the specifics of MITM attacks, but it’s a problem shared by all networks that are secured with PSKs.
Even if your employees are smart enough to avoid standard phishing attempts, a clever hacker can exploit your “dumb” smart devices to give up important passwords. Your Wi-Fi network is almost certainly detectable by people outside the office, giving them all the information they need to spoof it. Smartphones and laptops will connect to a spoofed network masquerading as the true one if the signal strength is stronger than the original (which might be the case when you leave the building).
Even if you don’t store resources on local drives, it’s probable that those passwords are reused for other applications that do have valuable information attached. Even if you have excellent password protocols and that’s not the case, the hacker can use the network access to distribute any manner of viruses, opening you up to a litany of further attacks.
Replace PSK with Certificate-Based WPA2-Enterprise
The only way to truly be confident in the security of your authentication is to ditch pre-shared keys and use digital certificates.
Certificates offer several key advantages over passwords:
- They tie identity to access so you always know exactly which person or device is using the network
- They are more convenient to users, reducing authentication time and removing the need to remember login information
- They eliminate password-related disconnects caused by 90-day password-reset policies and similar
- The asymmetric cryptography that underpins certificates is vastly more secure than the symmetric cryptography of PSKs and other credentials
The best part? Transitioning to certificates has never been easier.
Migrating Away From PSK
Being faced with the prospect of a large infrastructure overhaul is daunting. Moving from WPA2-PSK to WPA2-Enterprise certificate-based authentication isn’t as difficult as you might think, however. You can migrate from PSK to digital certificates by enabling the EAP-TLS network authentication protocol on your network and configuring devices to enroll for certificates.
If that sounds like a lot of hassle to you – you’re not alone. It’s been known for years that certificates are a much more robust method of 802.1x authentication, but setting up the infrastructure has always been too burdensome. For small businesses especially, the cost of setup and maintenance was prohibitively expensive.
Fortunately, that’s no longer the case. SecureW2’s turnkey solution can integrate with your existing network infrastructure without any forklift upgrades. You get to keep using the equipment you already have and we’ll fill in the gaps. Our engineers are industry experts and they’re happy to work with you to identify exactly which services are necessary to fit your organization’s needs.
We have affordable options for organizations of any size. For more info about our pricing, click here.
Learn about this author
Patrick Grubbs
Patrick is an experienced SEO specialist at SecureW2 who also enjoys running, hiking, and reading. With a degree in Biology from College of William & Mary, he got his start in digital content by writing about his ever-expanding collection of succulents and cacti.
