Fred555
Posted April 12, 2017

On 7/29/2016 at 4:50 PM, sixwheeledbeast said:

> All encryption can be compromised with enough computing power, having strong passwords is the key to stop attacks. A 128 bit AES key would take billions of years to brute force. WEP and some WPA can be exploited much easier than a WPA2 connection, WEP was flawed in many ways and WPA was a backwards compatible plaster for WEP. All WiFi should be WPA2 which uses AES 256 bit encryption for maximum security. Any site that would share guest access with the rest of the network is asking for trouble.

For me, on top of the above quote, get a router, flash DDWRT / openwrt / tomato onto it (to replace stock router firmware) and you can then run a RADIUS server on the router itself to authenticate WiFi - the rest of the custom firmware functions (QOS anyone?) are a bonus, plus those custom firmwares are constantly updated so holes in the underlying Linux that runs most routers get fixed pretty fast - compared to a lot of "prosumer" (HaHa!) routers that are lucky to be updated only annually by the manufacturer, then after 2-3 years zero updates from the manufacturer, who tell you to buy a new router to plug a security hole the manufacturer won't fix - but with custom firmware there are so many updates that if you actually want to take them all up you could wear out a flash memory chip!

sixwheeledbeast
Posted April 12, 2017

You can run RADIUS and QoS on many higher-end routers; most have good support, you get what you pay for. While WPA2 Enterprise offers another layer of security, you could the risk in a domestic situation doesn't warrant that.

In essence the cryptography between Personal and Enterprise is the same, for example AES. The benefit of Enterprise is if the private key is cracked only that session is compromised, whereas in Personal all connections would be compromised at that point. This is due to the way each session is authenticated individually upon connection using a username and password. This authentication can be an issue with internet-enabled consumer gear, hence why it's deployed mostly for commercial applications.

I agree routers are often overlooked when it comes to firmware upgrades, but equally the security kit we are fitting is likely to be just as vulnerable; more so for CCTV.
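
Added example, not part of the thread: the Personal versus Enterprise key scope described in the post above, shown with the WPA2 key derivation in Python. The SSID, passphrase, MAC addresses and nonces are constructed, and the Enterprise PMK is modelled as random bytes standing in for the per-session EAP key material.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # Per-session pairwise key for CCMP (48 bytes: KCK | KEK | TK)
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def compare_key_scope() -> dict:
    # Constructed sample values, not taken from any real network
    ssid, passphrase = "ExampleNet", "correct horse battery staple"
    ap = bytes.fromhex("020000000001")
    sta_a = bytes.fromhex("0200000000aa")
    anonce, snonce = os.urandom(32), os.urandom(32)

    # Personal: every station starts from the same PMK (passphrase + SSID only)
    ptk_a = derive_ptk(psk_pmk(passphrase, ssid), ap, sta_a, anonce, snonce)
    # Any other passphrase holder gets the same session key from the MACs and
    # nonces, which the 4-way handshake sends unencrypted
    ptk_rederived = derive_ptk(psk_pmk(passphrase, ssid), ap, sta_a, anonce, snonce)

    # Enterprise: each session has its own PMK from the EAP exchange (modelled
    # as random bytes), so another user's key material yields a different PTK
    pmk_a, pmk_b = os.urandom(32), os.urandom(32)
    ent_a = derive_ptk(pmk_a, ap, sta_a, anonce, snonce)
    ent_other = derive_ptk(pmk_b, ap, sta_a, anonce, snonce)
    return {"personal_shared": ptk_a == ptk_rederived,
            "enterprise_shared": ent_a == ent_other}

if __name__ == "__main__":
    print(compare_key_scope())
```

In Personal mode the only secret input is the passphrase, which is why its strength and who holds it matter for every connection on the SSID.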