Hi,
Quote:
I know that both WEP and WPA are pretty weak encryption methods;
|
By the way... it depends, there are (at the moment) two ways of using WPA :
1/ WPA preshared key, which means the use of a shared key between hosts, but with TKIP (temporal key integrity protocol). If you use correct preshared keys (not your company's name
) that should be a good security level (by that I mean that I'm quite sure you have no information secret enough for a professional hacker to spend a month trying to intrude in your network... I may be wrong, but if it is so, then you should think about putting WiFi in a DMZ, 2 levels of firewalls - different OS and versions on each - with IPS, hot redundancy, and so on...).
2/ WPA + radius, which means 802.1X : so your access point drops every packets unless 802.1X negotiation ones, untill you authenticated to the radius : eg you've got to be a registered user in the radius database. Then you use TKIP.
Both WPA modes use EAP, which isn't the most secure encryption method, but it may be used by most OS and most machines since it's not too heavy.
Next step will be WPA2 : 802.1X + AES encryption which is a stronger cypher, but that will wait for the 802.11i standard to come in use... (and it's allready been delayed once at least)
If you want to be still more secure, then let's consider using VPN... but that's complicated when traveling users may come any time and need an access.
Quote:
(about MAC address filtering) So what's the point of using this?
|
Quite true ! MAC address filtering can be bypassed, but as a matter of fact, I believe that if someone who's able to bypass your MAC filtering device really want's to hack into your network, then he will also find some security holes in your AP's software, or in your VPN server's code...
So, finally, I think that :
WEP alone is a joke
WEP + MAC filtering would be quite good for my parents, if they had bought an AP before WAP had existed
WPA preshared-key seems correct for my parents
WPA preshared-key + MAC filtering is sufficient for my parents
WPA + radius is the most convenient way of securing WiFi for someone who cares about security (as every company should)
WPA + radius + MAC : I agree with you on the interest it has.... or hasn't
VPN for real security, but much more complicated management
(hu, I took my parents as an exemple because they use computers but are not the biggest users I know... as a matter of fact they don't have WiFi at all
)
Still, I'll be glad to have other points of view on that topic !
(sorry unreal128, my post was no answer to your question...)