Securing Wireless Using a WRT54G
Chapter 5 219
Wireless networks have become ubiquitous in our current environment, and security is becoming
increasingly important as their usage grows. Unlike wired networks, wireless networks extend their
range beyond the physical wire. As a result, we open ourselves to attack each time we set up a wire-
less network, whether at home, at work, or at the local coffee shop. By utilizing these security
methods for our wireless networks, we can begin to protect our networks from unauthorized use.
Although not all of the security methods are ideal, or terribly secure, they at least provide a deterrent.
Solutions Fast Track
Basic Wireless Security
Choosing an appropriate SSID name is important, as you do not want to give out too
much information about yourself within the namespace of your SSID.
g41 Hiding your SSID and configuring MAC address filtering, when used together and in
conjunction with other wireless security mechanisms, can help to secure your wireless
V4I Some devices will support only WEE and although WEP is not considered a secure
protocol, it is still better than running an open wireless network.
Configuring WPA-Personal (PSK)
g4I WPA-PSK uses a shared secret to offer much better security than WEP and it is supported
on most wireless hardware available today.
Ud WPA-PSK is vulnerable to dictionary attacks, so be certain to use a strong passphrase and
change your SSID to something that is nonstandard.
U------d WPA2-PSK offers some enhanced security over WPA-PSK and should be used if the client
hardware can support it. OpenWrt supports both WPA-PSK and WPA2-PSK.
Configuring WPA-Enterprise (and WPA2-Enterprise)
WPA-Enterprise offers increased security over WPA-PSK because it does not use a static
key, and it utilizes a central directory for authentication.
!-4I There are many different EAP types. However, PEAP and TTLS are recommended for
general use and offer a similar level of security and client support.
[-4I Using TTLS in Windows requires that a third-party, open source supplicant, called
SecureW2, be installed.