[ale] using the proper WiFi encryption - WPA2
Ron Frazier
atllinuxenthinfo at c3energy.com
Tue Feb 15 15:31:49 EST 2011
Hello all,
In the prior thread on closing open router ports (Subject: How to test
your public internet connection for open ports.), Michael T. made a good
point about WiFi encryption that I thought deserved its own thread. I
had mentioned WPA/WPA2 encryption with a 20+ digit random password, and
noted that WEP has been cracked and is not recommended. He mentioned
that WPA-TKIP has also been proven to be insecure. I knew that, but had
forgotten it. So, the preferred setting is WPA2 with CCMP encryption.
Most routers I've seen list the option as WPA/WPA2 and AES or WPA2 and
AES (CCMP is AES based. See references below.) If you have a choice on
the configuration screen which only says WPA2, use that one. The AES
setting may be in a separate menu. PSK stands for pre-shared key.
Here are the wireless security menu options on my Netgear router. This
is the most accurate way to present the options. Note that, even though
this is a newer router, it does not support a centralized authentication
(RADIUS) server. Most home users don't have an authentication server
anyway.
    None
    WEP
    WPA-PSK [TKIP]
    WPA2-PSK [AES]
        I have this (above) selected.
    WPA-PSK [TKIP] + WPA2-PSK [AES]
I have another router, which is a Belkin. It separates the options into
two menus. This menu structure is confusing. Even though the top menu
says WPA, rather than WPA2, I believe the WPA2 standard is activated
once you select AES from the second menu. Here are the security menu
options on that.
Security Mode:
    Options:
        Disabled
        WPA-PSK (no server)
            I have this (above) selected.
        128 bit WEP
        64 bit WEP
        WPA (with radius server)
Encryption Technique:
    Options: (with WPA-PSK (no server) selected above) (says default
    is TKIP) (NOTE: The default option is NOT recommended. This is an
    older router.)
        TKIP
        AES
            I have this (above) selected.
Below are some references from Wikipedia.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
http://en.wikipedia.org/wiki/CCMP
http://en.wikipedia.org/wiki/Radius_server
http://en.wikipedia.org/wiki/AAA_protocol
Michael T. also suggested the use of a passphrase, rather than a
password, which can allow you to remember the code more easily.
Sincerely,
Ron
--
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT c3energy.com
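
The settings recommended in the message above (WPA2 only, CCMP/AES, a long passphrase), written as a Python check of a Linux hostapd configuration. This is an added example, not part of the original post. hostapd is an assumption (the post covers Netgear and Belkin menus), the sample configs are constructed, and the defaults for unset cipher options are assumed from hostapd's documented behaviour.

```python
# Added example: audit a hostapd.conf for the Wi-Fi settings discussed above.
# Constructed sample: the "WPA-PSK [TKIP] + WPA2-PSK [AES]" mixed mode.
MIXED = """wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=hunter2hunter2
"""
# Constructed sample: the "WPA2-PSK [AES]" mode the post recommends.
WPA2_ONLY = """wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed sample passphrase 2011
"""

def parse_conf(text):
    """Return the key=value pairs of a hostapd.conf, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, min_len=20):
    """Return findings; an empty list means WPA2-only, CCMP, long passphrase."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if any(k.startswith("wep_key") for k in conf):
        findings.append("WEP key configured")
    if wpa == 0:
        return findings + ["WPA/WPA2 disabled"]
    if wpa & 1:
        findings.append("original WPA enabled (use wpa=2 for WPA2 only)")
    # Assumed defaults: wpa_pairwise=TKIP; rsn_pairwise falls back to wpa_pairwise.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()
    offered = (wpa_pw if wpa & 1 else []) + (rsn_pw if wpa & 2 else [])
    if "TKIP" in offered:
        findings.append("TKIP offered as a pairwise cipher")
    if not (wpa & 2) or "CCMP" not in rsn_pw:
        findings.append("WPA2 with CCMP (AES) not enabled")
    phrase = conf.get("wpa_passphrase")
    if phrase is not None and len(phrase) < min_len:
        findings.append(f"passphrase shorter than {min_len} characters")
    return findings
```

`audit(MIXED)` reports the WPA fallback, the TKIP cipher and the short passphrase; `audit(WPA2_ONLY)` returns an empty list.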