WPA Enterprise Wi‑Fi security

In this topic, you will learn about WPA Enterprise wireless security protocols, how they relate to RADIUS, and how they are supported by Portnox™ Cloud.

Introduction to WPA and RADIUS

Wi‑Fi Protected Access (WPA) is a family of security protocols designed to protect wireless networks from unauthorized access and eavesdropping. WPA replaced the outdated WEP standard with stronger encryption, improved authentication mechanisms, and enhanced protection against common attacks.

There are two main WPA modes: Personal and Enterprise. WPA Personal (PSK) is intended for home and small-office networks and uses a shared password for all devices. WPA Enterprise is designed for corporate environments, where individual users or devices authenticate using unique credentials.

WPA Enterprise relies on the IEEE 802.1X standard and uses a RADIUS server for authentication. The RADIUS server validates user or device credentials against an identity repository such as Active Directory, LDAP, or a cloud provider. This approach provides per-user/device authentication, supports dynamic access policies, and improves accountability by eliminating shared passwords.

Portnox Cloud fully supports WPA2 and WPA3 Enterprise protocols (including WPA3 Enterprise 192-bit mode).

WPA2 Enterprise

WPA2 Enterprise is widely used in corporate environments. It employs AES encryption to protect network traffic and requires an authentication server to validate credentials. Users and devices authenticate individually, often using EAP methods such as EAP-TLS (certificate-based) or EAP-PEAP/EAP-TTLS (credential-based).

WPA2 Enterprise is an older standard, but it is still very popular because it is compatible with a wide range of network hardware including switches, access points, and controllers. It is suitable for most enterprise networks, providing strong security while maintaining compatibility with legacy devices that do not support WPA3.

WPA3 Enterprise

WPA3 Enterprise was designed to address the limitations of WPA2 and provide enhanced security for sensitive environments. It strengthens encryption, protects against offline password-guessing attacks, and ensures forward secrecy for all sessions. WPA3 Enterprise supports Simultaneous Authentication of Equals (SAE) for mutual authentication and optionally provides a 192-bit security mode that meets the Commercial National Security Algorithm (CNSA) Suite standards for high-security environments.

WPA3 was announced by the Wi-Fi Alliance in January 2018, with certification starting in June 2018, and it has been mandatory for new Wi-Fi CERTIFIED devices since July 2020. It requires modern hardware that supports this standard.
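To check which of the modes described above a client fleet is actually configured for, the following added example (not part of the original page and not Portnox code) classifies Wi-Fi profiles written in wpa_supplicant.conf syntax. The sample profiles are constructed, the function names are hypothetical, and the mapping from key_mgmt values to WPA2/WPA3 Enterprise is a simplifying assumption of this example.

```python
import re
# Constructed sample profiles in wpa_supplicant.conf syntax (not from the page).
SAMPLE_CONF = '''
network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="corp-secure"
    key_mgmt=WPA-EAP-SUITE-B-192
    eap=TLS
}
network={
    ssid="guest"
    key_mgmt=WPA-PSK
}
'''

PERSONAL_AKMS = {"WPA-PSK", "WPA-PSK-SHA256"}   # one shared password for all devices
CREDENTIAL_EAP = {"PEAP", "TTLS"}               # EAP-PEAP / EAP-TTLS
CERTIFICATE_EAP = {"TLS"}                       # EAP-TLS

def parse_networks(text):
    """Return one dict of key=value settings per network={...} block."""
    return [{k: v.strip('"') for k, v in re.findall(r"^\s*(\w+)=(.*?)\s*$", b, re.M)}
            for b in re.findall(r"network=\{(.*?)\}", text, re.S)]

def classify(net):
    """Return (ssid, WPA mode, authentication type) for one profile."""
    akms = set(net.get("key_mgmt", "").split())
    if akms and akms <= PERSONAL_AKMS:
        return (net.get("ssid"), "WPA Personal", "shared password")
    # Assumed mapping: Suite B 192 AKM -> 192-bit mode; SHA256 AKM with PMF required -> WPA3.
    if "WPA-EAP-SUITE-B-192" in akms:
        mode = "WPA3 Enterprise 192-bit"
    elif "WPA-EAP-SHA256" in akms and net.get("ieee80211w") == "2":
        mode = "WPA3 Enterprise"
    else:
        mode = "WPA2 Enterprise" if akms & {"WPA-EAP", "WPA-EAP-SHA256"} else "unknown"
    methods = set(net.get("eap", "").split())
    auth = ("credential-based" if methods & CREDENTIAL_EAP else
            "certificate-based" if methods & CERTIFICATE_EAP else "unspecified")
    return (net.get("ssid"), mode, auth)

def audit(text):
    return [classify(n) for n in parse_networks(text)]

for row in audit(SAMPLE_CONF):
    print(*row, sep=" | ")
```

Profiles reported as WPA Personal are the ones that still depend on a shared password rather than per-user or per-device authentication through RADIUS.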