Info needed with regard to Wi-Fi encryption suggestions :)

Looking for suggestions with regard to encryption for a wireless network in the workplace. It has to be strong and secure but easy to set up, at least 128bit or more, as it has to be pretty darn secure :)

Cost is not an issue as it's the workplace footing the bill :)


thanks in advance :)
 
Cheers roady, will pass that info on along with some I just dug out from Google with your comment :)

WPA supports 256bit so I think that would be pretty secure for them :)
 
VIPER_1069 said:
WPA supports 256bit so I think that would be pretty secure for them :)
WEP can support 256bit too if all wireless hardware is compliant, but WPA is the latest encryption standard for Wi-Fi and is even less vulnerable to attacks than WEP.....
 
I would strongly recommend using mac-address locking as well, over and above 128 or 256 bit encryption.

With network association restricted to defined MAC addresses only, that is a router (or access point) based control that is effective even if the key is compromised by technical or social engineering methods - I suppose mac addresses can be spoofed and possibly discovered by packet sniffing, so it's not a complete shield.

Also, site equipment (may need range extenders for a large area), to minimize off-site signal.
 
Yep, MAC address binding is a nice security option... also disabling SSID broadcasting and disabling remote management and UPnP are preferred... :)

Makes it a lot harder for wardrivers to detect a wireless network... :D
 
What I suggest:
  • Use a WPA router, not a WEP one. WEP is not secure. More info on WEP weakness here
  • 128 or 256 bit key
  • MAC filtering: only allow certain MAC addresses to get access
  • Restrict number of available IPs in router's DHCP
  • roadworker said:
    disabling SSID broadcasting and disabling remote management and UPnP. Makes it a lot harder for wardrivers to detect a wireless network
  • Make the computers accessing the WLAN log in by VPN.
I can't think of something more secure than the VPN. An encrypted channel inside an encrypted channel... :) Even if someone breaks into your WLAN, they still have to get through the VPN, which is easier to monitor, log, manage, etc...

Here is an open source VPN solution:
OpenVPN

I didn't try it and don't know a thing about this one, but it is a simple example.

good luck!
 
FYI, the reason WPA is emphasized here is that the WEP keys stay the same, and can be broken in a couple hours by an air sniffer. WPA changes the keys used quite often, so by the time someone begins to crack your key to get your SSID, your router has moved on already. Not foolproof, but close.
MAC lockdown to only allow access (like port security on a router). Don't connect without it.
VPN to get to it from the outside is essential.
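
The checklist from this thread (WPA rather than WEP, MAC filtering, SSID broadcast off), as an added example that is not part of any post above: a small Python audit of a hostapd-style access point configuration. Using hostapd is an assumption, since the thread names no router software; the two sample configs, the file path, the passphrase and the function and finding names are constructed for illustration.

```python
# Constructed sample of a weak setup; not taken from a real device.
WEAK_CONF = """\
interface=wlan0
ssid=office-wlan
wep_default_key=0
wep_key0=0123456789
macaddr_acl=0
ignore_broadcast_ssid=0
"""

# Constructed sample with the thread's settings applied; path and passphrase are placeholders.
HARDENED_CONF = """\
interface=wlan0
ssid=office-wlan
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=placeholder-long-random-passphrase
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.list
ignore_broadcast_ssid=1
"""

def parse(conf_text):
    """Return key=value settings, skipping blank lines and comments."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(conf_text):
    """Return sorted finding codes (hypothetical names) for a config."""
    s, findings = parse(conf_text), []
    if any(k.startswith("wep_key") for k in s):  # WEP keys configured
        findings.append("WEP_ENABLED")
    # wpa is a bitfield: 1 = WPA, 2 = WPA2, 3 = both; absent or 0 = off.
    if s.get("wpa", "0") not in ("1", "2", "3"):
        findings.append("WPA_DISABLED")
    # macaddr_acl=1 denies any station not listed in accept_mac_file.
    if s.get("macaddr_acl", "0") != "1" or "accept_mac_file" not in s:
        findings.append("NO_MAC_ALLOWLIST")
    if s.get("ignore_broadcast_ssid", "0") == "0":  # SSID sent in beacons
        findings.append("SSID_BROADCAST")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF))
```

The DHCP pool size, remote management and UPnP items from the checklist are router settings outside hostapd's config file, so this audit does not cover them.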
 