Wireless Office

James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Jan 5 17:29:36 UTC 2009


Lennart Sorensen wrote:
> On Mon, Dec 29, 2008 at 05:03:41PM -0500, James Knott wrote:
>> That's why you use something called "encryption".  WPA2 encryption has
>> not been broken and is very secure.  Do not use WEP and use plain WPA,
>> if you can't do WPA2.  Many WiFi routers can be configured to work with
>> both WPA & WPA2, depending on what the computer is capable of.  Linux,
>> Vista, XP SP3 can do WPA2.  XP SP2 can only do WPA.
> 
> As far as I can tell, WPA (including WPA2) is only secure if you use the
> corporate mode, which involves using an authentication server.
> Preshared key has been broken I believe.
> 
> So if you use TKIP with WPA or WPA2, then you might as well almost not
> bother.

IIRC, WPA has been partially broken, but not WPA2.  WPA was supposed to 
be an interim measure, while waiting for 802.11i to be finalized.  WPA2 
is 802.11i, but with a pre-shared key instead of a RADIUS server.  TKIP 
is a weak point.

> 
> If you use AES _and_ 802.1x authentication against a radius server or
> similar, then you have pretty good security.
> 
> Or just run a VPN link from every machine back to a central machine on
> the network, and don't ever run any unencrypted traffic on the wireless.
> 

That's what I do.  My home WiFi is WPA2 with the WiFi router outside my 
firewall.  The only way into my home network is via OpenVPN or SSH.


-- 
Use OpenOffice.org <http://www.openoffice.org>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




