? for the experts on SOHO
Last Post: August 16, 2006:
-
Flaming? Me? Noooooooo.
I don't think I flame but I do admit to being hornery from time to time. (Never say that to your wife/girlfriend because then she'll ask you why a girl in class is making you "horny")
I flame dogs all the time. Like, if I see one on the street I'll whip out my Treo, post something on line and then tell the dog that I just flamed them. You should see how it crushes their spirit.
You crack me up flameboy!
Bo the Wonderpuppy will be seeking revenge -
GT's point (which I strongly agree with) is that even if today WPA-PSK is unlikely to be cracked if using even a semi-strong password due to time, processing power requirements, etc. then tomorrow that won't be the case, if not by JW then by someone else.
Endorsing WPA-PSK with the attitude that even though the vulnerability is well known the tools aren't good enough yet to be much of a threat is dangerous, because once a solution is implemented, it is unlikely to change for a long time. Much better to swollow the pill and do it right the first time.
Now, let me get my flame suit on before Ben's next post... -
OK so now that Cowpatty will be available, What is the absolute way to protect networks in a SOHO or Enterprise enviroment.
IS it CCMP-AES, What is the one way that has not been hacked ?? I think Wireless makes a lot of people wonder why even bother.... -
802.11i is the current best practice.
-
Casey how do I set that up on a Windows Network have any links for me or white papers ?
-
This is a good place to start:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx
Good luck! -
Now, let me get my flame suit on before Ben's next post...
_________________
Casey Collins
Make sure that you buy some protection for your dog:
http://www.nfpa.org/sparkystuff/index.html -
LOL DC!
-
Even if you use CCMP or 802.11i, your passphrase can still be cracked by an offline dictionary attack when using Preshared Key authentication.
My point is that these attacks are not realistic if you even take a moderate amount of care in choosing a passphrase. The bottom line for SOHO environments is that a reasonably complex Preshared Key when using WPA2 Personal is the best way to go.
When setting up an enterprise network, you want to use WPA2 Enterprise. The important part here is more the scalability than the security. You can make WPA2 Personal just as impenetrable from a cryptographic perspective with complex 20 character passphrases. The problem is that in an enterprise you want to avoid using the same passphrase for all users. As Mr. Coleman likes to remind us, social engineering is a far more dangerous security threat nowadays than cryptographic vulnerabilities. If a seasoned hacker manages to use social engineering to find out the passphrase, your WPA2 Personal security becomes wide open to intrusion. -
Good point,