So apart from the alliteration, which method should I use to secure my wireless? I did some research in to this ages ago but I have managed to file it somewhere
What version has the best compatibility and least overhead for b/g/n devices (possibly not b but we have some old stuff)?
Thanks
Chris
wep is less secure but more compatable where as wpa is more secure but not everything supports it depending on firmware version of wifi device and also if the computers OS supports it ie WPA or something like that I think ( dont quote me ) was added in service pack 2 of XP just as an example.Originally Posted by CHR1S
So apart from the alliteration, which method should I use to secure my wireless? I did some research in to this ages ago but I have managed to file it somewhere
What version has the best compatibility and least overhead for b/g/n devices (possibly not b but we have some old stuff)?
Thanks
Chris
You could try wpa and update devices as needed or you could use wep
CHR1S (28th September 2009)
Thanks for the quick reply shinobi, do you know the different overheads for each version of WPA encryption please?
not personally - would be good to know though.
My options are -
WEP
WPA-Personal
WPA-Enterprise
WPA2-Personal
WPA2-Personal Mixed
WPA2-Enterprise
WPA2-Enterprise Mixed
Whats the difference with the enterprise/personal/mixed bits too?
WEP is a fixed, shared key system - there's one key, everyone knows it, and if you know it you can read other people's traffic.
WPA and WPA2 are rotating key systems: having shaken hands with the access point, you are issued a key to cipher with for a fixed amount of time, then you discard it and get another. Enterprise WPA uses RADIUS and a central server to do the initial authentication, Personal WPA (or WPA-PSK) uses a shared key to initially authenticate, that you discard once you're issued with a ciphering key.
WPA and WPA2 are essentially the same system, except that WPA uses only the Temporal Key Integrity Protocol, whereas WPA2 can use the Advanced Encryption Standard instead. TKIP rotates the temporal (cipher) key every 10,000 packets. The underlying temporal key is actually a WEP key; what matters is that it's changed regularly so you (hopefully) can't sniff enough packets to perform a brute force attack, and can't use replay attacks to produce dummy traffic to attack.
AES is much faster to calculate ciphers and is very well suited to hardware ciphering, but is also often only found with dedicated hardware. So, if you want to be attacked, use WEP. For high compatibility, use WPA or WPA2 with TKIP, or if your devices can all support it and you want to minimise delays use WPA2 with hardware AES. If you use RADIUS, you can centralise authentication and reduce shared key vulnerability and administration overhead; if you don't, use good passphrase as a shared key and guard it carefully.
CHR1S (29th September 2009)
WPA-Personal should be fine for what you want chris, and it works well with the XboxLive Donglehehe
But yes AES is much better then TKIP
James.
CHR1S (29th September 2009)
I'm pleased that the question of WEP and WPA has cropped up. I've been trying to get my head around the authentication process for the last week. I'm happy with WEP (as it's so simple and insecure!).
I realise that a PSK or passphrase is entered initially. Do you mean that this is used after initial association for the fixed amount of time, but what then? Does the AP issue another key to the host (presumably in some sort of encrypted manner, otherwise it can be sniffed) which is used for the next period ... etc.?
Similar question - is the new TKIP issued by the AP or is there something built in to the AP and host software which generate the next TKIP? If so, how are the changes of TKIP at the AP and host synchronised?TKIP rotates the temporal (cipher) key every 10,000 packets. The underlying temporal key is actually a WEP key; what matters is that it's changed regularly so you (hopefully) can't sniff enough packets to perform a brute force attack, and can't use replay attacks to produce dummy traffic to attack.
The pre-shared key forms what TKIP calls the 'base key', along with some unique address details and random numbers, which is then hashed. It's generated each time a station associates with an AP, and then the base key is used along with a packet sequence number and some other random data to encrypt each packet. If memory serves me correctly, the key rotation happens because the station is required to re-authenticate every so often, which changes the base key.
Having a sequence number is also how the AP prevents replay and collision attacks. The sequence number is 48 bits, so it takes a couple of thousand years to repeat itself, making a collision practically impossible.
If you use 802.11x authentication, the base key is generated by the RADIUS server and transmitted to the access point within your wired network boundaries, which is what makes it so much more secure than a pre-shared key, some vulnerable parts of which have to be transmitted over the air.
CHR1S (29th September 2009)
But then how do I justify using one in a primary school??WPA-Personal should be fine for what you want chris, and it works well with the XboxLive Dongle
But yes AES is much better then TKIP
James.
Thanks for the info everyone, looks like ill see how it does with WPA2 .
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
