Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Basics

Skill Level 2: Anyone with WEP / WPA-PSK Cracking Skills

While WPA and WPA2 eliminate many of the problems associated with WEP, they are still vulnerable to attack, particularly in their PSK form. Many people have already cracked WEP and Parts 1 and 2 of this series provided a step-by-step procedure.

Breaking the pre-shared key of WPA and WPA2 "Personal" is much harder and time consuming - especially if you are using AES encryption - but it is possible.

Countermeasure 8: Add Authentication

To address this emerging threat, users should implement authentication. Authentication adds another layer of security by requiring a client computer to "sign-in" to the network. Traditionally this has been done with a mix of certificates, tokens, or hand-typed passwords (also called Pre-Shared-Keys) that are negotiated with an authentication server.

802.1X provides the access control framework used by WEP, WPA and WPA2 and supports several EAP (Extensible Authentication Protocol) types that do the actual authentication. George Ou's excellent article on Authentication Protocols contains probably more than you'd ever want to know about EAP, WPA and WPA2!

Configuring authentication can be a daunting and expensive task for networking professionals, let alone home networkers. At this year's RSA conference in San Francisco, for example, many attendees didn't bother to set up their wireless connection because of the full page of instructions they had to follow to do it!

Thankfully, things are getting better, and you don't need to buy a full-blown RADIUS server, as there are a number of easier-to-implement alternatives. McAfee's Wireless Security Suite is a subscription-based product starting at $4.95 per user per month with discounts for volume purchases. A free 30 day trial download is available here.

Another free option worth investigating for more experienced networkers is TinyPEAP, which adds a small RADIUS server supporting PEAP-based authentication into Linksys WRT54G and GS wireless routers. Note that since this firmware isn't officially supported by Linksys, you're on your own if you mess up your router while installing TinyPEAP.

More Basics

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi guys,I don't know what this is, but it started suddenly with one of the betas in the past.. It doesn't appear directly after a reboot or a flash, b...
The FCC posted this announcement to Twitter about an hour ago"The FCC has adopted new rules for the 6 GHz band, unleashing 1,200 megahertz to boost #W...
Hello, this is my first post. Looking for a new six-bay NAS. I have own both brands before older smaller models. I would like to have two more drive b...
Wondering if this upgrade is worth it (or if it's even an upgrade). I was able to pick up the Linksys MR9000 for $54. What performance improvements, i...
I have the following hardware on my network:Fiber modemArris Surfboard mAX Pro 802.11ax mesh router and 1 satelliteLinksys Velop mesh router with one ...

Don't Miss These

  • 1
  • 2
  • 3