Question : Problem: Wireless Access Point Security
I have an HP Wireless access point that I plan on implementing. There are many security choices to choose from: Static WEP, WPA-PSK (AES), WPA-PSK (TKIP), Dynamic WEP (802.1X), WPA (AES-802.1X), WPA (TKIP-802.1X), WPA-PSK (TKIP-AES), and WPA (TKIP-AES-802.1X).
Some of these require a RADIUS server. Why would I want a RADIUS server?
What is the difference between WPA-PSK(AES) or WPA-PSK(TKIP)?
Are some of these wireless technologies so new that older wireless cards can't use them?
Why would I choose one security over all others?
Answer : Problem: Wireless Access Point Security
A RADIUS server would allow unique names and passwords for each user, instead of anyone that knows/finds out the WEP/WPA passphrase being able to connect through your access point. You might want that if you're running a business and have wireless available there, though even then WPA-PSK would suffice most of the time.
As I recall, TKIP was introduced as an improvement to WEP, and started out using the same passphrase, but then each device would step through the same changes to the passphrase as time went on, so spoofers couldn't brute-force the passphrase and then intercept the communications at any point desired. AES is a stronger encryption used by CCMP, which works not unlike TKIP. Most hardware that supported WEP could be upgraded to TKIP in firmware. If it's old enough that it didn't even support WEP, it probably cannot be upgraded. There are a ton of links to follow in http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access if you need/want to understand it better.
Yes, some older wireless cards may not support WPA2 (WPA-PSK AES).
If all you're worried about is your neighbors hogging your bandwidth, WEP should be fine; if you want to prevent war drivers from breaking into your LAN and marking your curb, I recommend the WPA-PSK (TKIP+AES) setting, which should use AES but if the wireless client supports only TKIP it will fall back to that without having to reconfigure the HP access point... and a passphrase of, say, 20 characters minimum consisting of numbers and letters. No common phrases, or words found in the dictionary.
If you never shred anything, WEP will probably make you feel warm and fuzzy security-wise. If you shred every piece of paper with your name on it headed for the trash, then separate each shredding batch into 3 separate bags, 1 for the regular recycling bin, the 2nd to dispose of in the secured trash bins where you work, and the 3rd to stuff a handful at a time in the trash cans around town, then you might want to set up a RADIUS server and force password changes every week, never allowing the reuse of a password and REGEX filtering potential passwords for repeating/sequential characters and dictionary words, to disallow their use. In between those levels of paranoia fall the other types of security. :-)
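
The passphrase rules mentioned in the answer above (20 characters minimum, letters and numbers, no dictionary words, filtering for repeating/sequential characters) can be checked before a passphrase is set on the access point. This is an added example, not part of the original answer; the function names, the small wordlist, and the run thresholds (3 repeats, 4 sequential characters) are assumptions, while the 63-character printable-ASCII limit is the WPA-PSK passphrase bound.

```python
import re

# Constructed sample wordlist (assumption); load a full dictionary file in practice.
SAMPLE_WORDS = {"password", "wireless", "network", "dragon", "letmein", "welcome"}

MIN_LEN = 20   # minimum length suggested in the answer
MAX_LEN = 63   # WPA-PSK passphrases are 8 to 63 printable ASCII characters

REPEAT_RE = re.compile(r"(.)\1\1")  # same character three times in a row


def has_sequence(s, run=4):
    """True if s contains `run` consecutive ascending or descending
    letters or digits, such as 'abcd' or '4321' (case-insensitive)."""
    s = s.lower()
    for i in range(len(s) - run + 1):
        w = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(w, w[1:])}
        if w.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def check_passphrase(p, words=SAMPLE_WORDS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(p) > MAX_LEN or not all(32 <= ord(c) <= 126 for c in p):
        problems.append("invalid-wpa-psk")
    if len(p) < MIN_LEN:
        problems.append("too-short")
    if not (re.search(r"[A-Za-z]", p) and re.search(r"\d", p)):
        problems.append("needs-letters-and-digits")
    if REPEAT_RE.search(p):
        problems.append("repeated")
    if has_sequence(p):
        problems.append("sequential")
    low = p.lower()
    # Substring match so words embedded in a longer passphrase are caught too.
    problems += ["dictionary:" + w for w in sorted(words) if w in low]
    return problems


if __name__ == "__main__":
    # Constructed sample passphrases.
    for candidate in ("q7Xv2mKp9Lr4Tz8Wc3Hn", "password1234",
                      "aaaWirelessNetwork2024xyz"):
        print(candidate, "->", check_passphrase(candidate) or "OK")
```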