Re: Wireless Access Point on external router?

Great idea about the randomly generated SSID. I'm going to start doing that
for the home users I support, including myself.

I'd still like to find a WAP with a hotspot login page for the public
wireless here at the office. I love that idea, but haven't been able to
find one.


"Owen Williams [SBS MVP]" <Owen@xxxxxxxxxxxxxxxxxx> wrote in message
news:MPG.20ab1078ae7e3464989a31@xxxxxxxxxxxxxxxxxxxxx
In article <926511A2-B59E-4F4A-99F8-E215E2840764@xxxxxxxxxxxxx>,
doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx says...

So, WPA with PSKs will be enough? That's great news, and less of a
headache.
I'll only have a few wireless connections anyway.
If WPA2 is not enough security for some reason, please let me know.
Otherwise, I'll implement this.

One clarification (responding to your "if WPA2 is not enough security"
comment): WPA2 is (in theory) more secure than WPA. This is because
WPA2 requires implementation of the Advanced Encryption System (AES),
which is "military grade." WPA only requires support of Temporal Key
Integrity Protocol (TKIP), a very good but somewhat weaker encryption
method.

That said, many WPA implementations do support AES, even on inexpensive
consumer-grade devices like the LinkSys WRT54gL. But not all, and -
with WPA at least - _everything_ in your network must support one or the
other. I am starting to see some newer WAPs/wireless routers with WPA2
which look like they support mixed TKIP+AES networks.

As for WPA/WPA2-PSK (also known as "WPA/WPA2 Personal") v. WPA/WPA2
Enterprise (which requires RADIUS), Dave covered that well. My view is
that the former is fine in a home or SOHO business with a couple of
people. Dave uses a 64-character random key but usually anything 22
characters or more is considered acceptable, especially with AES. I
definitely agree about using a random password generator. I even use a
generator to come up with an 8-character SSID since best practice is
that the SSID should reveal nothing about who the network belongs to or
where it is located.

When you have an environment where people needing wireless come and go,
WPA/WPA2 Enterprise starts to look a LOT more attractive. With PSK, any
time you even _suspect_ the shared key may have been compromised, it
should be changed on _all_ of the WAP(s) and wireless workstations.
With Enterprise, using the method I document, you just remove the
workstation from the Domain Computers security group and revoke its
certificate. Even if you have a disgruntled employee who walked out the
door with a laptop they _were_ using on your wireless LAN, they will no
longer have access and you won't need to touch anything else - no other
device is affected.

-- Owen Williams (SBS MVP)
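
The random SSID and random key generation discussed in this thread, as an added example that is not code from any of the posters. The function names and the letters-and-digits alphabets are assumptions made here; the 8-63 character passphrase limit, the 64-hex-digit raw key form and the PBKDF2 derivation (which uses the SSID as salt) come from the WPA/WPA2 standard rather than from the thread.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabets (not from the thread): letters and digits only, so the
# values are easy to type into WAP admin pages and client dialogs.
PASSPHRASE_ALPHABET = string.ascii_letters + string.digits
SSID_ALPHABET = string.ascii_uppercase + string.digits


def random_ssid(length=8):
    """Random SSID that reveals nothing about owner or location (max 32 bytes)."""
    if not 1 <= length <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return "".join(secrets.choice(SSID_ALPHABET) for _ in range(length))


def random_passphrase(length=22):
    """Random WPA/WPA2-PSK passphrase; the standard allows 8-63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def random_hex_psk():
    """64 hex digits: a raw 256-bit PSK entered directly instead of a passphrase."""
    return secrets.token_hex(32)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string over the given alphabet."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """Passphrase -> 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    ssid, psk = random_ssid(), random_passphrase()
    print("SSID:", ssid)
    print("Passphrase:", psk, f"(~{entropy_bits(22, 62):.0f} bits)")
    print("64-hex PSK:", random_hex_psk())
    print("PMK:", derive_pmk(psk, ssid).hex())
```

Because the SSID salts the key derivation, the same passphrase yields a different key on every differently named network.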

