Securing my WiFi
While I knew about the dangers of running with WEP, after listening to Episode 11 of Security Now, I decided it was time to ditch WEP and go WPA–otherwise known as WiFi Protected Access. I have started broadcasting my SSID again, disabled MAC filtering, and turned off WEP. None of these things prohibited anything more than casual use of my WiFi since a determined hacker can circumvent all of these things in a matter of an hour or less. With WPA, I have far better protection and far easier configuration for my clients.
One of the biggest impediments I had to going WPA was backward compatibility. I have a Linux laptop that I am using with an older Orinoco card. I also have a WiFi phone that only understands WEP. I was also under the mistaken impression that my WiFi repeater, a Linksys WRE54G, didn’t support WPA. The latest 1.04 firmware supports WPA. That was enough for me.
Linux supports WPA with something called WPA Supplicant, which I can either get working with my existing Orinoco card or the newer D-Link card I have, which I know works with NDISWrapper. I’ll have to figure out how to get all of that properly integrated with RedHat Enterprise 4, which may be somewhat of a challenge. I’ll work on that when I have some free time.
The WiFi phone is not something I use often enough to warrant holding back implementing higher security for. Even so, if I need to use it, I can hook it up to a different access point and configure it in such a way that it can only access what it needs to and nothing more. It may be open, but it will be an access point to nowhere basically. Either that or I can just use my neighbor’s totally open WiFi access point.