If you have a home wireless access point and you are not sure which wireless security settings to choose, then read below.
Today wireless access point devices offer more than one security mode. You could choose between NONE, WEP, WPA (v1), WPA (v2) and WPA Enterprise with RADIUS authentication.
Do not choose NONE, except when you want to provide network connection to all your neighbors.
WEP is a deprecated standard, don't use it! Its encryption relies on a weak algorithm (that is why it was deprecated in the first place).
WPA (v1), or just WPA1, is hard to crack if you use, for example, 14 random letters or a pass-phrase of 5 randomly chosen words. It comes with the TKIP and AES encryption protocols. Choose AES if possible.
WPA (v2), or just WPA2 (aka WPA Personal), is a better version of WPA1 that implements the AES-CCMP algorithm as a mandatory feature. I recommend that you choose CCMP and not TKIP.
For WPA Enterprise (aka WPA with RADIUS authorization) you will need a RADIUS server. You have to be authenticated in order to be accepted by your AP as a trusted connection. For a home user this is too much. Stick to WPA2 and a long random pass-phrase.
Most APs offer the option not to broadcast your SSID as a supplementary security feature. It will hide your AP only from novices. Someone who knows what they are doing does not need your AP's SSID to crack it. So, if you stick to WPA + a long pass-phrase, you can forget about this "hidden SSID", as it causes more setup problems than it adds security.
OK, so you have decided to set your AP with WPA2 with CCMP and a long random pass-phrase and no hidden SSID. Goooood!
As a Linux user I use WPA Supplicant to connect to my AP. WPA Supplicant is free software that implements these security standards for Linux, FreeBSD, NetBSD and Windows.
The WPA Supplicant configuration file can be found at:
/etc/wpa_supplicant/wpa_supplicant.conf
You can also find there a configuration template file named wpa_supplicant.conf.template. This template describes just about every option that wpa_supplicant offers.
#####################################################
# IMPORTANT: hidden SSID doesn't improve security
# So far the best security is WPA2+AES (AES aka CCMP)
# All options are described at:
#   /etc/wpa_supplicant/wpa_supplicant.conf.template
####################################################
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
       ssid="fooBar" # whatever SSID you might have
       bssid=00:22:bb:4c:e3:5f # if your AP has a MAC use it
       priority=10 # the higher the better
       key_mgmt=WPA-PSK
       pairwise=CCMP # CCMP stronger than TKIP
       group=CCMP # CCMP stronger than TKIP
       proto=WPA2 # WPA2 is just a alias for RSN
       psk="j57Y0KrT42IMIZ" # very long random pass-phrase
       # wpa_ptk_rekey=600 # for paranoids
       # scan_ssid=1 # only if you have hidden SSID
}
# ap_scan=2 # use only when hidden SSID
A setup like this is hard to crack, even for experts. It's simple but effective.
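To check an existing wpa_supplicant.conf against the choices made above (WPA2 only, CCMP for pairwise and group, a long pass-phrase), here is a small auditing script. It is an added example, not part of the original article or of wpa_supplicant; the function names, the 14-character floor and the sample configuration are assumptions made for illustration.

```python
import re
# Constructed sample input: the first block follows the article, the second is weak.
SAMPLE_CONF = '''
network={
    ssid="fooBar"
    pairwise=CCMP   # CCMP stronger than TKIP
    group=CCMP
    proto=WPA2
    psk="j57Y0KrT42IMIZ"
}
network={
    ssid="old#AP"
    pairwise=CCMP TKIP
    proto=WPA RSN
    psk="short123"
}
'''
MIN_PASSPHRASE = 14  # assumption: the article's "14 random letters" used as a floor
WANTED = {'proto': {'WPA2', 'RSN'}, 'pairwise': {'CCMP'}, 'group': {'CCMP'}}

def strip_comment(line):
    """Drop a trailing # comment, but keep a # that sits inside double quotes."""
    return re.sub(r'("[^"]*")|#.*', lambda m: m.group(1) or '', line).strip()

def parse_networks(text):
    """Return one dict of option -> value per network={...} block."""
    networks, current = [], None
    for line in map(strip_comment, text.splitlines()):
        if line == 'network={':
            current = {}
        elif line == '}' and current is not None:
            networks.append(current)
            current = None
        elif current is not None and '=' in line:
            current.update([line.split('=', 1)])  # one (option, value) pair
    return networks

def audit(net):
    """List the ways one block departs from the article's WPA2 + CCMP setup."""
    findings = []
    for key, allowed in WANTED.items():
        if key not in net:
            findings.append(key + ' not set explicitly')
        elif set(net[key].split()) - allowed:
            findings.append(key + ' allows more than ' + '/'.join(sorted(allowed)))
    psk = net.get('psk', '')
    # Only quoted values are pass-phrases; an unquoted psk is a raw hex key.
    if psk.startswith('"') and len(psk.strip('"')) < MIN_PASSPHRASE:
        findings.append('pass-phrase shorter than %d characters' % MIN_PASSPHRASE)
    return findings
```

To audit a real file, pass its contents to parse_networks() and call audit() on each returned block; an empty list means the block matches the setup described here.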
Now, if you think that this article was interesting, don't forget to rate it. It shows me that you care, and thus I will continue to write about these things.
Eugen Mihailescu