Which encryption for wireless?

[mac_shinobi]

Here's a quick overview for you...
For the full scoop, check out "A Brief History of Wireless Security" at Security Uncorked A Brief History of Wireless Security

KNOWING YOUR NEED
It really depends on the data you need to protect. In the US, we have specific regulations over data protection for personal information, health and financial. A school network could contain:
- Student grades, names, gov ID, addresses <- Personal info
- Student health information (mental/clinical) <- Health info
- Employee names, addresses, gov ID <- Personal info
- Employee health or insurance info <- Health info
- Employee salary and benefits <- Financial data

THREE MINUTE OVERVIEW
Listed most secure to least secure.

1. Enterprise mode 802.11i (WPA2 with 802.1X and AES) > Connects to directory services to authenticate users or machines and uses 802.1X for key rotation. Not currently broken because the encryption is secure (AES) and the key rotation (802.1X) is not broken.

2. WPA or WPA2 with TKIP > Can be broken, but takes much more effort and the keys isn't broken, the checksum is. The vulnerability is in the TKIP encryption (vs AES). TKIP was an interim crypto method before all hardware could support AES.

3. WPA2 with PSK > Uses a pre-shared key instead of rotating keys created by 802.1X. Pre-shared keys are more vulnerable, especially when not configured to rotate at all. Even rotating PSKs are not as secure as 802.1X keys.

4. WEP with PSK > Just don't even do it.

-jj

Can see your list from top to bottom but you did put vs AES for the WPA or WPA 2 so how would item 2 compare with WPA or WPA 2 using AES ( if this is possible ) ?

[Edu-IT]

I think WPA2 AES is the best we're going to get then, with AD authentication for laptops not connected to the domain/if no AD credentials available then guest access.

What would the key length ideally be? (Random words/numbers)

[koryo]

Heya EDU-IT

Key length - the longer the better security wise. i don't think there is a maximum (but i could be wrong), i would suggest a minimum of 10 character, and most importantly make sure that your including letters, number and symbols too!

Hope this helps! ^_^

Regards

Koryo