When I wrote this previous blog "Hack most wireless LANs in minutes!", which mostly focused on insecure corporate wireless LANs, it seemed to generate more questions than answers, which is typical every time I go into this topic. Many of the comments and questions were based on home security, so I answered them as best I could, which prompted even more questions. So to clear this up once and for all, I offer the following advice.
- Refuse to buy any new devices that are not WPA certified. Believe it or not, there are some new devices being touted at this year's CES (Consumer Electronics Show) for wireless LAN media players that only support WEP encryption.
- Demand that your vendors provide upgrades for older devices, especially if they are only two years old.
- Many devices that aren't too old can already be upgraded to WPA. You need to check with your vendor to get the updated drivers and/or firmware. Devices include 802.11 Access Points and client adapters.
- Use WPA-PSK mode with a random key. Don't use words in the dictionary or variations of them because they can easily be cracked. It's better to simply store the key on a USB dongle or even a floppy disk. Microsoft provides a very simple mechanism for setting up WPA security by making it easy to create a simple setup file on a USB dongle.
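To make the "random key, no dictionary words" advice concrete, here is an added example (not part of the original post) that generates a random 256-bit WPA-PSK key and audits a proposed key for dictionary words and their simple variations. The function names, the sample wordlist and the 20-character threshold are assumptions made for this example; the key format and the PBKDF2 derivation follow the WPA/802.11i specification.

```python
import hashlib
import secrets
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "wireless", "network", "welcome", "dragon"}
# Common character substitutions undone before the dictionary check.
UNLEET = str.maketrans("0134579@$!", "oleastgasi")
MIN_PASSPHRASE_LEN = 20  # threshold chosen for this example


def random_wpa_key() -> str:
    """Return 64 hex digits: a full 256-bit key, entered in place of a passphrase."""
    return secrets.token_hex(32)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_key(key: str, words=SAMPLE_WORDS) -> list:
    """Return a list of problems with a proposed WPA-PSK key; empty means none found."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return []  # raw 256-bit key, no passphrase involved
    problems = []
    if not 8 <= len(key) <= 63 or any(not 32 <= ord(c) <= 126 for c in key):
        problems.append("not 8-63 printable ASCII characters or 64 hex digits")
    elif len(key) < MIN_PASSPHRASE_LEN:
        problems.append(f"shorter than {MIN_PASSPHRASE_LEN} characters")
    # Lower-case and undo substitutions so "P@ssw0rd" is seen as "password".
    normalized = key.lower().translate(UNLEET)
    hits = sorted(w for w in words if w in normalized)
    if hits:
        problems.append("built on dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2006", "dragon", random_wpa_key()):
        print(candidate, "->", audit_key(candidate) or "ok")
    # Same passphrase + same SSID always yields the same key, so a guessable
    # passphrase gives a guessable key no matter how long the derived key is.
    print(derive_pmk("password", "IEEE").hex())
```
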
Now you may have noticed that I didn't include "MAC filtering" or "SSID hiding" as part of my recommendation. This is because those are two of the biggest myths in wireless LAN security, which I'll have to leave for another blog. If you have any more questions or comments, just use our talkback section and I'd be happy to answer them.