2010-01-16

WIFI Security

My neighbor was asking me yesterday what kind of security I thought he should set up on his home WIFI router.

My answer: it depends!
  • Best: WPA2 with AES
  • Good: WPA or WPA2 with TKIP or AES
  • Very Poor: WEP
Pretty simple, eh? No, not really.

Many old routers and laptops have a crusty old WIFI adapter that won't support the modern protocols. And therefore it is often necessary to use a lesser security protocol.

A lot of old wireless hardware only works with the WEP protocol. Some older 802.11g hardware can use WPA and WEP, but cannot use WPA2. Modern 802.11g and 802.11n hardware supports all protocols.

My general strategy is to do an on-site equipment survey to see what kind of wireless hardware is in use. If there are any devices that require a lesser protocol, I talk to the client to see if it is reasonable to replace or eliminate the old adapters.

My neighbor turned out to have two old laptops with 802.11b adapters that only supported WEP. Therefore, we configured his network for WEP. Once he replaces those old cards with modern 802.11g cards, he'll be able to upgrade his network to the recommend WPA2 w/AES.

As for my home network: I ended up retiring all my old wireless devices that didn't support WPA2. Wireless hardware is quite inexpensive, so it wasn't expensive to do so. Now I exclusively use WPA2 with AES, in conjunction with a long, sophisticated passwords.

No comments:


Share