Wireless Office
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Jan 5 17:29:36 UTC 2009
Lennart Sorensen wrote:
> On Mon, Dec 29, 2008 at 05:03:41PM -0500, James Knott wrote:
>> That's why you use something called "encryption". WPA2 encryption has
>> not been broken and is very secure. Do not use WEP and use plain WPA,
>> if you can't do WPA2. Many WiFi routers can be configured to work with
>> both WPA & WPA2, depending on what the computer is capable of. Linux,
>> Vista, XP SP3 can do WPA2. XP SP2 can only do WPA.
>
> As far as I can tell, WPA (including WPA2) is only secure if you use the
> corporate mode, which involves using an authentication server.
> Preshared key has been broken I believe.
>
> So if you use TKIP with WPA or WPA2, then you might as well almost not
> bother.
IIRC, WPA has been partially broken, but not WPA2. WPA was supposed to
be an interim measure, while waiting for 802.11i to be finalized. WPA2
is 802.11i, but with a pre-shared key instead of a RADIUS server. TKIP
is a weak point.
>
> If you use AES _and_ 802.1x authentication against a radius server or
> similar, then you have pretty good security.
>
> Or just run a VPN link from every machine back to a central machine on
> the network, and don't ever run any unencrypted traffic on the wireless.
>
That's what I do. My home WiFi is WPA2 with the WiFi router outside my
firewall. The only way into my home network is via OpenVPN or SSH.
--
Use OpenOffice.org <http://www.openoffice.org>
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
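
An added example, not part of the original post: a small audit of access-point settings against the points raised in the thread (WEP, WPA v1, TKIP, and pre-shared key versus 802.1X). The thread names no access-point software, so the hostapd.conf key names are an assumption, and the sample configurations are constructed.

```python
# Added example. Sample configs are CONSTRUCTED; key names follow hostapd.conf.
WEAK_CONF = """\
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""
STRONG_CONF = """\
wpa=2
ieee8021x=1
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
"""

def parse(text):
    """Read key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (sorted weaknesses, authentication mode) for one config."""
    conf = parse(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (802.11i/RSN)
    weak = set()
    if any(key.startswith("wep_key") for key in conf):
        weak.add("WEP")
    if wpa == 0:
        return sorted(weak | {"NO-WPA"}), "none"
    if wpa & 1:
        weak.add("WPA1")
    # Assumed defaults (per hostapd's sample config): wpa_pairwise is TKIP,
    # and rsn_pairwise falls back to wpa_pairwise when it is not set.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP").split()
    rsn_ciphers = conf.get("rsn_pairwise", " ".join(wpa_ciphers)).split()
    active = (wpa_ciphers if wpa & 1 else []) + (rsn_ciphers if wpa & 2 else [])
    if "TKIP" in active:
        weak.add("TKIP")
    mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    # A PSK entry is reported even when EAP is also allowed.
    auth = ("PSK" if any("PSK" in m for m in mgmt)
            else "802.1X" if any("EAP" in m for m in mgmt) else "other")
    return sorted(weak), auth

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(STRONG_CONF))
```

A config that sets only `wpa=2` still reports TKIP here, because under the assumed defaults the WPA2 cipher falls back to TKIP unless `rsn_pairwise=CCMP` is set explicitly.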