5.1.3. Wireless and Mobile Security
💡 First Principle: Wireless networks broadcast data through the air, making interception fundamentally easier than on wired networks. Mobile devices operate in untrusted environments by definition: they connect to public Wi-Fi, travel through insecure locations, and can be physically lost or stolen. Both require security controls that account for the loss of physical control over the communication channel and the device itself.
Wireless security protocols:
- WPA3: current standard. Uses SAE (Simultaneous Authentication of Equals) for stronger key exchange, individualized data encryption, and protection against offline dictionary attacks.
- WPA2: predecessor, still widely used. Vulnerable to KRACK attacks and offline brute-force against the PSK.
- WEP: completely broken, never use. Trivially cracked in minutes.
Wireless deployment models: Enterprise mode uses 802.1X with RADIUS for per-user authentication. Personal mode uses a pre-shared key (PSK). Enterprise is more secure for organizations because each user has unique credentials.
Mobile Device Management (MDM) provides centralized control over mobile devices: enforce encryption, require passcodes, remotely wipe lost devices, control application installation, manage OS updates, configure VPN profiles.
BYOD (Bring Your Own Device) introduces challenges: the organization doesn't own the device, so it must balance security controls with employee privacy. Containerization separates corporate data from personal data on the same device.
Connection methods and security considerations: cellular (generally secure, provider-managed), Wi-Fi (varies widely, use VPN on public networks), Bluetooth (short range, pairing vulnerabilities), NFC (very short range, used for payments).
Wireless site surveys assess signal coverage, identify interference, and detect rogue access points. Heat mapping shows signal strength throughout a facility, ensuring adequate coverage without excessive signal leakage beyond physical boundaries. Regular wireless scanning detects unauthorized access points that employees or attackers may have installed.
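The rogue access point check described above can be sketched as a comparison between one wireless scan and an inventory of authorized access points. This is an added example, not part of the original study guide; the inventory, the scan records, the field names and the -70 dBm cut-off are all constructed assumptions.

```python
"""Rogue-AP triage over one wireless scan (added example; all data constructed)."""

# Authorized inventory: BSSID -> (expected SSID, expected security mode).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", "WPA3-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", "WPA3-Enterprise"),
    "aa:bb:cc:00:00:03": ("CorpGuest", "WPA3-Personal"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ON_PREMISES_RSSI = -70  # dBm; assumed cut-off for "probably inside the building"

# Constructed scan results, shaped like the output of a survey tool.
SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "CorpNet", "security": "WPA3-Enterprise", "rssi": -48},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpNet", "security": "WPA2-Personal", "rssi": -55},
    {"bssid": "de:ad:be:ef:00:10", "ssid": "CorpNet", "security": "WPA2-Personal", "rssi": -40},
    {"bssid": "de:ad:be:ef:00:11", "ssid": "linksys", "security": "WEP", "rssi": -52},
    {"bssid": "de:ad:be:ef:00:12", "ssid": "CoffeeShop", "security": "Open", "rssi": -88},
]

def classify(ap):
    """Return a list of finding strings for one scanned access point."""
    bssid = ap["bssid"].lower()  # scanners disagree on MAC letter case
    if bssid in AUTHORIZED:
        ssid, security = AUTHORIZED[bssid]
        findings = []
        if ap["ssid"] != ssid:
            findings.append("authorized-ap-unexpected-ssid")
        if ap["security"] != security:
            findings.append("authorized-ap-security-drift")
        return findings
    if ap["ssid"] in CORP_SSIDS:
        # Corporate name on hardware we do not own: highest priority.
        return ["corp-ssid-on-unknown-bssid"]
    if ap["rssi"] >= ON_PREMISES_RSSI:
        return ["unknown-ap-on-premises"]
    return []  # weak, unrelated signal: most likely a neighbour

def triage(scan):
    """Map BSSID -> findings for every AP that needs follow-up."""
    report = {}
    for ap in scan:
        findings = classify(ap)
        if findings:
            report[ap["bssid"].lower()] = findings
    return report

if __name__ == "__main__":
    for bssid, findings in triage(SCAN).items():
        print(bssid, ", ".join(findings))
```

Signal strength is only a rough proxy for location, so an "unknown-ap-on-premises" finding is a prompt for a physical walk-through rather than proof of a rogue device.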
⚠️ Exam Trap: WPA3 is the current standard. WPA2 Enterprise (802.1X/RADIUS) is more secure than WPA2 Personal (PSK). WEP should never be used. If a question asks for the most secure wireless configuration, WPA3 Enterprise is the answer.
