Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Basics

Skill Level 2: Anyone with WEP / WPA-PSK Cracking Skills

While WPA and WPA2 eliminate many of the problems associated with WEP, they are still vulnerable to attack, particularly in their PSK form. Many people have already cracked WEP and Parts 1 and 2 of this series provided a step-by-step procedure.

Breaking the pre-shared key of WPA and WPA2 "Personal" is much harder and time consuming - especially if you are using AES encryption - but it is possible.

Countermeasure 8: Add Authentication

To address this emerging threat, users should implement authentication. Authentication adds another layer of security by requiring a client computer to "sign-in" to the network. Traditionally this has been done with a mix of certificates, tokens, or hand-typed passwords (also called Pre-Shared-Keys) that are negotiated with an authentication server.

802.1X provides the access control framework used by WEP, WPA and WPA2 and supports several EAP (Extensible Authentication Protocol) types that do the actual authentication. George Ou's excellent article on Authentication Protocols contains probably more than you'd ever want to know about EAP, WPA and WPA2!

Configuring authentication can be a daunting and expensive task for networking professionals, let alone home networkers. At this year's RSA conference in San Francisco, for example, many attendees didn't bother to set up their wireless connection because of the full page of instructions they had to follow to do it!

Thankfully, things are getting better, and you don't need to buy a full-blown RADIUS server, as there are a number of easier-to-implement alternatives. McAfee's Wireless Security Suite is a subscription-based product starting at $4.95 per user per month with discounts for volume purchases. A free 30 day trial download is available here.

Another free option worth investigating for more experienced networkers is TinyPEAP, which adds a small RADIUS server supporting PEAP-based authentication into Linksys WRT54G and GS wireless routers. Note that since this firmware isn't officially supported by Linksys, you're on your own if you mess up your router while installing TinyPEAP.

More Basics

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

had a share problem but figured it out. all better now.wish there was a way to delete this post
Before anyone says "what could you need 10GbE for anyway", I will say that I do not need 10GbE, but I do need more than 1GbE. So, I am looking for opt...
I’m not sure if this is the correct forum so, mods, please move if needed. My situation is that we about to get the NBN FTTN / VDSL2+ via iiNet and I’...
I have always used RDP to remotely connect to an internal machine at my home 192.168.1.3 using OpenVPN remotely, but recently I have not been able to ...
I have an RT-86U and because of various reasons ended up starting to use Merlin on it. Works ok'ish but lately I haven't been able to add anymore DHCP...

Don't Miss These

  • 1
  • 2
  • 3