Wireless Network Security – Only with an S

Wireless Network Security – it’s a huge concern

I want to address important concerns about wireless network security, that a lot people don’t immediately understand about wireless:

  • if you configure your wireless network with “no security” or “open authentication only” running, you basically have no security at all
  • if you don’t configure PSK or 802.1X/EAP/RADIUS, you are basically sending all your traffic unencrypted
  • if you don’t run the 4-way handshake, you have no encryption

I usually demonstrate these issues on my CWSP, CEH, and wireless hacking/ pentesting classes. I emphasize and demonstrate that anything you transmit, which is not encrypted, is completely visible to anyone. A hacker can capture it, and see it, without any effort.

Usually capturing traffic, and showing students how easy it is to get the HTTP/FTP username and password, is enough to make the students sit upright. However, when I then view an entire Telnet session, or replay an audio call, everyone’s attention is guaranteed.

There is no magic involved. If data is sent, unencrypted, over the wireless airwaves, anyone can hear it. So, if you are at a coffee shop, at a stadium or airport, or on a guest network, with no PSK or 802.1X/EAP/RADIUS, you have a problem.

We need to fix this, you need to be enjoying your coffee at the coffee shop, or watching the game at a sports bar, without worrying about who is spying on you.

Only with an ‘S’ – how to overcome free wireless network security issues (and thus enjoy that coffee)

Well there is a solution to this problem, of course, “Only with an S”

What I mean is, on an open network, you only EVER use protocols with an ‘S’ in them:

Wireless Network security - A screenshot of a text that says do n't use http instead use https

There are, of course, exceptions to the rule, don’t be fooled by SMTP, instead use SMTP with TLS (watch out here – SMTP by default without TLS, is *open*).

I have an additional rule, referring to SNMP, to add here: if the thing in question has a number available, use the biggest number. So, use SNMPv3, not SNMPv1, or SNMPv2.

Of course, the ultimate security precaution is to always use VPNs. (The ultimate solution to the free wireless security problem, and it has an ‘S’!) If you always use a VPN whenever you are on a public network, even when you are on a network outside the office, all your traffic will be encrypted as it crosses from your device to the other end of the VPN tunnel.

Watch out here, some configurations allow you to use split-tunneling which allows you to configure some traffic to go down the VPN path, but other traffic (usually email or web traffic) to jump off and be sent out locally – this, of course, may be convenient but can defeat the safety of a VPN. If you are using this feature, make sure you are using secure protocols, for the locally “split” traffic.

That’s it. Happy New Year to everyone, and we’ll see you next time!

So here is my wireless network security summary:

  1. Only use protocols with an ‘S’
  2. If they have an ‘S’ and have a TLS option, turn it on
  3. If they have a number, use the biggest one
  4. Use a VPN when you’re out of the office

Safe web browsing and, remember, enjoy that coffee!

 

If you are looking to make your mark in the IT Industry, then NC-Expert offers excellent training courses aimed at relevant IT industry certifications – contact us today to get started.

NC-Expert Blog

Vendor-Neutral Certifications Matter More Than People Think

By Rie Morgan June 1, 2026
We all know that technology changes fast : vendors update products, rebrand solutions, release new platforms, and occasionally decide that the feature you spent months mastering is no longer "fashionable". In an industry that constantly evolves, it’s fair to ask an important question: Should you focus on vendor-specific certifications, or do vendor-neutral certifications still have a place? The answer might surprise some people. Despite the growing number of vendor-specific training paths, vendor-neutral certifications such as CompTIA Network+, CompTIA Security+, and CWNP Certified Wireless Network Administrator (CWNA) continue to provide enormous value. In many cases, they offer benefits that extend well beyond a single product, platform, or employer. For engineers pursuing a promotion, changing careers, or trying to build a stronger professional foundation, vendor-neutral certifications may matter more today than ever before.

IT Certification Exams: the Struggle is Real!

By Rie Morgan May 20, 2026
Why Experienced Engineers Sometimes Struggle with Certification Exams If you’ve spent years working in IT, there’s a good chance you’ve had this thought at some point: "I do this stuff every day. Surely the certification exam will be easy?" Then reality arrives. You sit the exam. The questions seem strangely worded. Topics appear that you rarely touch in your day job. You find yourself second-guessing answers you know are correct in the real world. Before long, confidence starts to evaporate. It’s a surprisingly common experience. In fact, some of the most experienced engineers occasionally struggle with certification exams, not because they lack technical ability, but because experience and exam readiness are two very different things.

Strong Passwords and Protocols

By Rie Morgan May 7, 2026
We are constantly being told to make sure our passwords are secure, and create a secure password. But oftentimes, the same sources don’t clearly explain how to do this and we are left puzzled and concerned about how to get it right. In this blog I will attempt to draw together the most reliable sources and explain what they mean and how to create the best password for your needs.