As I mentioned in another thread, I just got a new computer. Right now, my wireless encryption is WPA2 Personal. Is there any reason to switch it over to another possible protocol (or whatever you call it), like WPA2 Enterprise (I think it was) or this other one I forget the acronym to? What’re the differences?
I believe WPA2 Enterprise requires you to have a RADIUS server, so that’s generally not going to work for a home setup.
Anyway, WPA2 is the good one. WEP is the bad one. Stick with WPA2, preferably with AES as the algorithm. You might have to do AES+TKIP if you’ve got legacy TKIP devices on your network, but TKIP’s less secure.
nods I thought that’s what I remembered.
Anyone know how to check/change the algorithm with OSX?
Oh, and any thoughts on how long the password should be? A friend suggested 15-20 or something like that (though even he admitted that might be too much, since it’s meant to ward off the casual, since nothing can stop a determined breaker).
No such thing as “too much.”
The only way that WPA2 is vulnerable to a sniffing attack is by use of a common SSID name and a dictionary-type attack.
If you use a random SSID name and a 20 character random passphrase, you are effectively safe from even a determined breaker. (A wireless sniffing breaker, anyway). Of course, wireless is still vulnerable to denial-of-service type attacks, but you’re not going to have your passphrase discovered by a sniffer.
(I say “use a random SSID name” not to disguise what it is, but to frustrate pre-built rainbow tables, since WPA uses the SSID to salt the hash of the passphrase.)
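The SSID-as-salt point made in the post above, as an added example that is not part of the original thread. It derives the WPA2-Personal key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and checks a network's settings against the advice given here; the SSID list, the word list and the function names are constructed for this example, and the 20-character threshold is the figure suggested in the thread.

```python
import hashlib
import math

# Constructed samples: a few common/default SSIDs and weak passphrases.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
WEAK_WORDS = {"password", "12345678", "letmein123"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def random_passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def audit(ssid: str, passphrase: str) -> list:
    """Return the findings that apply to this SSID/passphrase pair."""
    findings = []
    if ssid in COMMON_SSIDS:
        # Same salt as many other networks, so precomputed tables can be reused.
        findings.append("common-ssid")
    if passphrase.lower() in WEAK_WORDS:
        findings.append("dictionary-passphrase")
    if len(passphrase) < 20:
        findings.append("short-passphrase")
    return findings

if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys share nothing,
    # so a table computed for one SSID is useless against the other.
    for ssid in ("linksys", "q7Zr-home-41"):
        print(ssid, wpa2_pmk("password", ssid).hex())
    print(audit("linksys", "password"))
    print(round(random_passphrase_bits(20, 94)), "bits for 20 random printable chars")
```
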
Just to add a question (if you don’t mind the thread drift). I use Network Magic and can see other networks, very few here.
If I leave mine visible and/or unlocked I understand someone can get in and use the signal. That doesn’t worry me a great deal.
Can they also monitor your own traffic and find your passwords if you send them over the wireless network?
If the wireless network is insecure, yes, in theory people could eavesdrop on your traffic. Secure websites (https) would still be encrypted and safe, but your regular stuff (like the SDMB) could be seen. That includes cookies and automatic passwords and such.
But whether anyone’s actually going to go through the trouble to do that is another question.
If the network is simply visible but properly secured (i.e. WPA2), you’re fine… at least until somebody breaks the encryption.
Are you using one of Apple’s Airport base stations or just a Mac connecting to any other wireless router? The Airport base station devices will use CCMP if you set it to WPA2 Personal. If you set it to WPA/WPA2 it will use CCMP+TKIP. You can’t customize it beyond that but it’s simple enough.
Any other devices I’m familiar with use some type of Web based infrastructure and you can change settings via your browser the same whether it’s a Mac browser or any other.
Mostly.
Older implementations that use SSL v2 might not be safe, because SSL v2 can be compromised by a “man in the middle” type attack, which wireless instances are particularly vulnerable to. SSL v2 is off by default in most up-to-date browsers and web servers.
What is the current theory about not broadcasting your SSID?
I don’t broadcast my SSID, which keeps the neighbors from even seeing my network. I broadcast it when I need to connect a friend’s computer, and then stop broadcasting when he leaves.
This used to be one of the first steps to locking the door, but I seem to remember a Microsoft document wherein it was stated that not broadcasting the SSID was not a good defense mechanism. (For the record, I don’t broadcast my SSID and my passphrase is a series of letters and numbers 16 or so characters in length.)
So, is not broadcasting the SSID a good step in securing the network?
Invisible SSID, WPA2, restrict by MAC address.
So how random should “random” be? If it’s TOO random, I won’t remember it. (Of course, I could just save it on a keychain and just reset the whole thing if I forget it, but still.)
So which is better?
How do I find my own MAC address? Does it ever change?
WPA2 only. TKIP is less secure.
The MAC address is the hardware address of the network card. It’s 12 hexadecimal numbers. If you look in the network card properties it will be in there. Or you can do IPCONFIG /ALL at a command prompt.