Packet Protector PP089: Hidden Wi-Fi Misconfigurations and Wi-Fi 7 Issues to Be Aware Of
8 snips
Dec 2, 2025 Jennifer JJ Manella, a wireless networking and security expert, dives into the murky waters of WLAN misconfigurations. She reveals the perils of peer isolation and the critical balance needed for guest networks. JJ discusses the nuances between WPA2 and WPA3, stressing the importance of careful device migration. Misconfigured RADIUS setups could expose credentials, she warns, emphasizing the need for stringent certificate validation. The conversation also covers upcoming Wi-Fi 7 features and the client stickiness that could complicate deployments.
AI Snips
Chapters
Transcript
Episode notes
Enable Peer Isolation For Guest Wi‑Fi
- Enable peer isolation on guest or BYOD SSIDs to prevent clients from directly accessing each other on the same Layer 2 domain.
- Use filtering or ACLs for internal SSIDs where application communication requires client-to-client traffic.
RSA Venue Exposed Wired Infrastructure
- At RSA, Jennifer and Drew scanned the venue Wi‑Fi and found broad visibility into other systems due to missing isolation.
- The venue's network allowed connected clients to see office infrastructure because peer isolation was not enabled.
MPSK Is A WPA2 Workaround
- Multiple-PSK schemes (MPSK/PPSK/etc.) are vendor-specific workarounds tied to WPA2's passphrase model and not standardized.
- Moving to WPA3 and 802.1X is the more future-proof approach, but use a separate WPA3 SSID and migrate devices gradually.