Security best practices for Enterprises
We have seen a ton of attacks against WPA/WPA2, both Personal and Enterprise. Based on our experience, we would recommend the following:
- For SOHOs and medium-sized businesses, use WPA2-PSK with a strong passphrase. You have up to 63 characters at your disposal. Make use of it.
- For large enterprises, use WPA2-Enterprise with EAP-TLS. This uses both client and server-side certificates for authentication, and currently is unbreakable.
- If you have to use PEAP or EAP-TTLS with WPA2-Enterprise, then ensure that certificate validation is turned on, the right certifying authorities are chosen, the Radius servers that are authorized are used and finally any setting that allows users to accept new Radius servers, ...