🌐 Networking Fundamentals Part 4 WiFi & Security

Networking Fundamentals: WiFi, Security & HTTPS

IEEE 802.11 standards, wireless frequency bands, AES & public-key cryptography, TLS handshake, digital certificates, and how HTTPS secures every web request.


Introduction to Wireless Networking

Ethernet networks use cables to carry electrical signals between devices. WiFi replaces those cables — instead of wire, data travels as radio waves through the air. WiFi is a family of wireless networking standards based on the IEEE 802.11 specification, enabling laptops, smartphones, tablets, smart TVs, and IoT devices to connect without physical cables.

What is IEEE?

IEEE — the Institute of Electrical and Electronics Engineers — creates technical standards used throughout networking. 802.3 governs Ethernet, 802.11 governs WiFi, and 802.1Q defines VLAN tagging.

WiFi Versions

Original IEEE names like 802.11n, 802.11ac, 802.11ax were confusing. The WiFi Alliance introduced simple numbered names — WiFi 4 through WiFi 7 — making it easy to identify capabilities at a glance.

Why New WiFi Versions Were Created

Each generation improved speed, range, efficiency, device capacity, and latency. Early WiFi handled email and basic web browsing. Modern WiFi must support 4K/8K video, cloud gaming, video conferencing, VR, and AI applications simultaneously.

WiFi, IEEE Standards and WiFi Versions — infographic covering sections 1 through 4
💡 Key takeaway: WiFi 6 (802.11ax) and WiFi 7 (802.11be) represent the current generation, with WiFi 6E adding 6 GHz band support for less congestion and higher throughput in dense environments.

Understanding Frequency

Frequency measures how many wave cycles occur every second, expressed in Hertz (Hz). 1 Hz = 1 cycle per second. WiFi operates at 2.4 GHz, 5 GHz, and 6 GHz — meaning billions of cycles per second. Higher frequency = more cycles = more opportunities to encode data.

Why Higher Frequencies Are Faster

Think of frequency like a highway: 2.4 GHz is a single-lane road where few vehicles travel, while 5 GHz is a 10-lane motorway. Higher frequencies allow wider channels, more data encoding per cycle, and therefore more total bandwidth: Higher Frequency → Higher Bandwidth → More Data → Higher Speed.

Why Higher Frequencies Have Shorter Range

This is physics. Higher frequency radio waves lose energy faster, are absorbed more easily by walls and furniture, and experience greater attenuation. 2.4 GHz penetrates walls well for long range at lower speed. 5 GHz offers moderate penetration and higher speed. 6 GHz delivers maximum speed but struggles through obstacles.

WiFi Bands

Modern routers broadcast multiple bands simultaneously — separate SSIDs (HomeWiFi-2.4G / HomeWiFi-5G) or a single SSID with band steering that automatically connects each device to its optimal band. No single frequency is ideal for every scenario, so combining all three provides the best flexibility.

Frequency, Higher Frequency Speed vs Range, and WiFi Bands — infographic covering sections 5 through 8

2.4 GHz

Long range, strong wall penetration, lower speed. Best for IoT devices and distant rooms.

5 GHz

Moderate range, higher speed. Ideal for laptops and streaming at medium distances.

6 GHz

Shortest range, highest speed and lowest congestion. Best for VR, 8K video, and close-proximity high-throughput use.

What is Encryption?

Encryption transforms readable data (plaintext) into unreadable data (ciphertext). Only someone with the correct key can reverse the process and restore the original data. Purpose: Privacy, Security, Confidentiality. Example: HELLO becomes A7X91B2Q after encryption.

AES Encryption

AES — Advanced Encryption Standard — is the most widely used encryption algorithm today. It uses a secret key for both encryption and decryption, making it symmetric encryption. AES is used in HTTPS, TLS, WPA2/WPA3, VPNs, SSH, and disk encryption. Available in 128-bit, 192-bit, and 256-bit key sizes — AES-256 is the most secure and commonly used variant.

Why AES Alone Is Not Enough

AES requires both parties to share the same secret key. But how do two strangers securely exchange that key over an untrusted network like the internet? Sending the key unencrypted defeats the purpose. This fundamental problem is solved by Public Key Cryptography.

Encryption, AES, and Why AES Alone Is Not Enough — infographic covering sections 9 through 11
🔑 AES protects the data. Public Key Cryptography (RSA/ECDSA) protects the key. In practice, TLS uses RSA or ECDSA to securely exchange an AES session key, then AES does the heavy lifting for all subsequent data — because AES is orders of magnitude faster than asymmetric algorithms.

RSA

RSA — named after inventors Rivest, Shamir, and Adleman — eliminates the shared-secret-key problem through public key cryptography. Every entity has two mathematically linked keys: a Public Key (shared freely) and a Private Key (never shared). Data encrypted with the public key can only be decrypted by the matching private key — so anyone can send an encrypted message, but only the owner can read it.

Digital Signatures

RSA also answers the question: "How do I know this message really came from the sender it claims?" Digital signatures provide three guarantees:

Authentication

Confirms who sent the message — the sender must own the private key to produce a valid signature.

Integrity

Any modification to the message after signing invalidates the signature, detecting tampering.

Non-Repudiation

The sender cannot deny having sent the message — only their private key could have produced that signature.
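
The three guarantees above, shown with a small sign-and-verify routine. This is an added example, not code from the original page: it uses textbook RSA with no padding and small fixed primes so it runs on the Python standard library alone, whereas real systems use keys of 2048 bits or more with a padded scheme such as RSA-PSS. The key owners "Alice" and "Mallory" and all function names are hypothetical.

```python
import hashlib

# Toy parameters constructed for this example: pairs of small Mersenne primes.
# Real keys use large random primes and a padded signature scheme.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)              # private exponent: inverse of e modulo phi(n)
    return (n, E), (n, d)

def digest_as_int(message, n):
    """Hash the message and reduce it below the modulus (toy step, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Produce a signature; only the holder of d can compute this value."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)

def verify(message, signature, public_key):
    """Anyone with the public key can check the signature against the message."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)

ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

def demo():
    msg = b"pay 100 to bob"
    sig = sign(msg, ALICE_PRIV)
    return {
        # Authentication: a signature from Alice's private key verifies under her public key.
        "genuine": verify(msg, sig, ALICE_PUB),
        # Integrity: the same signature no longer matches a modified message.
        "tampered": verify(b"pay 900 to bob", sig, ALICE_PUB),
        # A signature made with a different private key fails under Alice's public key.
        "wrong_signer": verify(msg, sign(msg, MALLORY_PRIV), ALICE_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Non-repudiation follows from the first and third results together: a signature that verifies under Alice's public key could only have been produced with her private key.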

ECDSA

ECDSA — Elliptic Curve Digital Signature Algorithm — achieves security equivalent to RSA but with dramatically smaller keys. An ECDSA 256-bit key provides roughly the same security as an RSA 2048-bit key. Smaller keys mean faster TLS handshakes, smaller certificates, lower CPU usage, and better performance on mobile and IoT devices. Modern websites increasingly prefer ECDSA certificates.

RSA, Digital Signatures, and ECDSA — infographic covering sections 12 through 14
🔐 RSA vs ECDSA in one line: Both are asymmetric. RSA is older and uses larger keys; ECDSA uses elliptic curve math to achieve equivalent security with much smaller keys and faster operations — making it the preferred choice for TLS certificates and modern cryptographic systems.

What is TLS?

TLS — Transport Layer Security — is the protocol that protects internet communications. Without TLS, credentials and payment data travel as plain text readable by anyone intercepting the traffic. TLS provides three guarantees: Confidentiality (nobody can read the data), Integrity (nobody can modify the data), and Authentication (you're talking to the real server, not an impersonator).

TLS Handshake

Before encrypted communication begins, client and server perform a TLS handshake to agree on encryption parameters and establish shared session keys. The handshake uses asymmetric cryptography (RSA/ECDSA) to securely exchange keys, then switches to symmetric AES for the actual data — because AES is far faster for bulk encryption.

What is a Digital Certificate?

A digital certificate is like a digital passport — it proves that a website really is who it claims to be. Certificates contain the domain name, the server's public key, an expiration date, and a signature from a trusted Certificate Authority. When your browser connects to https://google.com, Google presents a certificate proving it owns that public key.

Certificate Authorities

Certificate Authorities (CAs) are trusted organizations that verify domain ownership before issuing certificates. Browsers and operating systems ship with a built-in list of trusted CAs. Well-known CAs include DigiCert (global TLS/SSL provider), Let's Encrypt (free, automated, open CA), and GlobalSign (identity and security solutions).

TLS, TLS Handshake, Digital Certificates, and Certificate Authorities — infographic covering sections 15 through 18
🔒 Why TLS uses both RSA/ECDSA and AES: RSA/ECDSA handle identity, authentication, and key exchange (slow but secure). AES handles the actual bulk data encryption (fast and efficient). Together they deliver both security and performance.

HTTP

HTTP — HyperText Transfer Protocol — is the protocol used to transfer web pages. It operates on port 80. The browser sends a request (GET /index.html) and the server responds (200 OK + webpage content). Critical problem: HTTP sends everything in plain text — credentials, passwords, and payment details are readable by anyone intercepting the traffic.

HTTPS

HTTPS — HyperText Transfer Protocol Secure — is simply HTTP + TLS. It operates on port 443 and wraps all HTTP traffic in a TLS layer, providing Encryption (nobody can read the data), Authentication (verifies the server's identity via certificate), and Integrity (prevents modification in transit).

How HTTPS Actually Works

When a user navigates to https://google.com, the browser: (1) connects to Google on port 443, (2) performs the TLS handshake, (3) verifies Google's certificate against trusted CAs, (4) creates shared AES session keys, and (5) sends all HTTP requests encrypted. From that point on, every byte is encrypted before it leaves your device.
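
The steps above, written against Python's standard `ssl` module, with the client setting that performs step (3) set beside the setting that skips it. This is an added example, not code from the original page; the function names are hypothetical, and `describe_connection` needs network access, so the stand-alone run only audits the two configurations.

```python
import socket
import ssl

def build_verifying_context():
    """Client settings that perform step (3): CA chain validation plus hostname match."""
    return ssl.create_default_context()     # CERT_REQUIRED, check_hostname, system CA store

def build_unverified_context():
    """Weak setting sometimes used to silence certificate errors (shown for contrast)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    """Return the authentication checks a client context would skip."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the requested hostname")
    return findings

def describe_connection(host, port=443, timeout=5.0):
    """Steps (1)-(4) against a live server; a bad certificate raises ssl.SSLCertVerificationError."""
    ctx = build_verifying_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:   # (1) connect to 443
        with ctx.wrap_socket(raw, server_hostname=host) as tls:            # (2)+(3) handshake, verify
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],                                 # (4) negotiated session cipher
                "issuer": cert.get("issuer"),
                "not_after": cert.get("notAfter"),
            }

if __name__ == "__main__":
    for name, ctx in (("verifying", build_verifying_context()),
                      ("unverified", build_unverified_context())):
        print(name, audit_context(ctx) or "no findings")
```

With verification off, the connection is still encrypted, but the client has no assurance about who holds the other end of it, which removes the Authentication guarantee.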

HTTP, HTTPS, and How HTTPS Actually Works — infographic covering sections 19 through 21

✅ Part 4 Summary

  • WiFi is based on IEEE 802.11 — WiFi 4 through WiFi 7 are the modern generations
  • Higher frequency = faster speed but shorter range (physics trade-off)
  • 2.4 GHz / 5 GHz / 6 GHz serve different use cases; modern routers combine all three
  • AES is symmetric encryption — fast and widely used for bulk data
  • RSA uses public/private key pairs — solves the key exchange problem
  • ECDSA achieves RSA-equivalent security with much smaller keys (256-bit ≈ RSA 2048-bit)
  • Digital signatures provide authentication, integrity, and non-repudiation
  • TLS = Confidentiality + Integrity + Authentication over the network
  • TLS Handshake: Client Hello → Server Hello + Certificate → Validate → Key Exchange → AES session
  • Digital Certificates are issued by trusted CAs and prove server identity
  • HTTP (port 80) sends plain text; HTTPS (port 443) = HTTP + TLS encryption

Coming Up — Part 5

Firewall, VPN, SSH, FTP, SFTP, SMTP, RDP, Port Forwarding, MySQL (port 3306), real-world network design, and the complete end-to-end internet journey — putting everything together.