Re: Wireless Access Point on external router?


In article <926511A2-B59E-4F4A-99F8-E215E2840764@xxxxxxxxxxxxx>,
doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx says...

> So, WPA with PSKs will be enough? That's great news, and less of a headache.
> I'll only have a few wireless connections anyway.
> If WPA2 is not enough security for some reason, please let me know.
> Otherwise, I'll implement this.

One clarification (responding to your "if WPA2 is not enough security"
comment): WPA2 is (in theory) more secure than WPA. This is because
WPA2 requires implementation of the Advanced Encryption System (AES),
which is "military grade." WPA only requires support of Temporal Key
Integrity Protocol (TKIP), a very good but somewhat weaker encryption
method.

That said, many WPA implementations do support AES, even on inexpensive
consumer-grade devices like the LinkSys WRT54gL. But not all, and -
with WPA at least - _everything_ in your network must support one or the
other. I am starting to see some newer WAPs/wireless routers with WPA2
which look like they support mixed TKIP+AES networks.

As for WPA/WPA2-PSK (also known as "WPA/WPA2 Personal") v. WPA/WPA2
Enterprise (which requires RADIUS), Dave covered that well. My view is
that the former is fine in a home or SOHO business with a couple of
people. Dave uses a 64-character random key, but usually anything 22
characters or more is considered acceptable, especially with AES. I
definitely agree about using a random password generator. I even use a
generator to come up with an 8-character SSID since best practice is
that the SSID should reveal nothing about who the network belongs to or
where it is located.

When you have an environment where people needing wireless come and go,
WPA/WPA2 Enterprise starts to look a LOT more attractive. With PSK, any
time you even _suspect_ the shared key may have been compromised, it
should be changed on _all_ of the WAP(s) and wireless workstations.
With Enterprise, using the method I document, you just remove the
workstation from the Domain Computers security group and revoke its
certificate. Even if you have a disgruntled employee who walked out the
door with a laptop they _were_ using on your wireless LAN, they will no
longer have access and you won't need to touch anything else - no other
device is affected.

-- Owen Williams (SBS MVP)
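
Added example, not part of the original post: a sketch of the random-generator approach the reply recommends, producing a 22-character passphrase, a 64-hex-digit key, and an 8-character SSID from the OS CSPRNG. All function names are hypothetical; it assumes the standard WPA/WPA2-Personal rules (passphrase of 8 to 63 ASCII characters or a raw key of 64 hex digits, with the SSID used as the PBKDF2 salt), which also shows why a non-default SSID matters.

```python
import hashlib
import math
import secrets
import string

# Letters and digits only (assumption of this example): easy to type into a
# WAP's web UI and always valid inside a WPA/WPA2 passphrase.
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def random_string(length, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random string of this length and alphabet."""
    return length * math.log2(len(set(alphabet)))


def make_passphrase(length=22):
    """Random WPA/WPA2-PSK passphrase; the standard allows 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 characters")
    return random_string(length)


def make_hex_psk():
    """A 64-character key must be 64 hex digits, i.e. a raw 256-bit PSK."""
    return secrets.token_hex(32)


def make_ssid(length=8):
    """Random SSID that reveals nothing about owner or location (max 32 bytes)."""
    if not 1 <= length <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return random_string(length)


def derive_pmk(passphrase, ssid):
    """What each device derives from a passphrase: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"), 4096, 32
    )


if __name__ == "__main__":
    ssid, phrase = make_ssid(), make_passphrase()
    print(f"SSID: {ssid}")
    print(f"Passphrase: {phrase} (~{entropy_bits(len(phrase)):.0f} bits)")
    print(f"64-hex PSK: {make_hex_psk()}")
```
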