DunLUG Wiki | Linux / WiFiSecurityPage

Wireless Security comes in many guises.

By default most older equipment came with only two states of operation. Either unsecured or secured by using WEP.

WEP stands for Wired Equivalent Privacy. The implementation of encrypting the traffic using WEP was poorly done and many security holes have since been found. Whilst better than no encryption, it does not take long for the encryption to be cracked using freely available tools and most attacks are completed using Linux. Basically it's useless if you want real security and unfortunately if you have old hardware you may not be able to either flash them or upgrade the software to support the more secure standards.

The better standard that is incuded in most modern WiFi equipment is WPA or WiFi Protected Access. This comes in many formats. The most commonly used is WPA-PSK (PSK stands for Pre Shared Key) for a reasonable level of security. WPA as of yet has proven quite robust if a random 64 character hexadecimal code is used for the key. Weaker keys (like any encryption) can generally be cracked.

The advantage with a PSK system is that the key is not "in the air" so to speak. So this means that you have to give someone your key before they can connect to your access point. However in itself it presents a few problems.

You have to trust that the person and the computer that you place keys onto.
You can't "wirelessly" send your key to someone without lowering your WiFi security and broadcasting your key into potentially anyones computer that is listening for it.

Next comes WPA2 wich is similar to the WPA standard other than it mainly adds the AES-CCMP algorithm. Its considered currently that the encryption method is a bit of overkill but still some more sensitive information may need to be given this extra layer of security along with other methods such as properly implemented VPN.

Both WPA and WPA2 can be used with RADIUS authentication.