Wireless Security Key Recommendations
Creekside Rogue
September 14th, 2006, 12:51 PM
Hello to all and the moderators:
I'm not sure where this post should be placed, so I started it here. Please feel free to relocate as necessary. My main question regards the security encryption on a wireless network. What is the general consensus as to the best form of encryption to use? WEP, WPA, WPA-TKIP, WPA-AES, or some other combination? I'm trying to find the most secure means to secure my 5 computer home network.
Creekside Rogue
Alphalutra1
September 14th, 2006, 05:58 PM
WPA (WPA-TKIP, or WPA-AES if all of your devices support it) or preferably WPA2 (if all of your devices support it). These are uncrackable at the moment as long as you use a sufficiently long and random password. To make one, see here (https://www.grc.com/passwords.htm). Choose the 63 random printable ASCII characters one, and save it to a text file. Then copy and paste it to enter it in for every device on the network, and you have a nice secure network.
Cheers,
Alphalutra1
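The 63-character random passphrase recommended in the post above can also be generated locally. The following is an added example, not part of the original post: it draws the passphrase from the operating system's CSPRNG, checks it against the WPA passphrase rules, and derives the 256-bit pre-shared key that the access point and clients compute from it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations). The SSID `ExampleHomeNet` and the choice to leave the space character out of the alphabet are assumptions made for the example.

```python
import hashlib
import math
import secrets
import string

# Assumption: printable ASCII without the space character (94 symbols), so a
# pasted key cannot silently lose leading or trailing whitespace.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length: int = 63) -> str:
    """Return a random WPA/WPA2 passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_valid_passphrase(passphrase: str) -> bool:
    """Check the passphrase rule: 8-63 characters, each in ASCII 32..126."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("invalid passphrase")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32).hex()


def effective_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a random passphrase, capped at the 256-bit size of the PSK."""
    return min(length * math.log2(alphabet_size), 256.0)


if __name__ == "__main__":
    pw = generate_passphrase()
    print(pw)
    print(derive_psk(pw, "ExampleHomeNet"))  # constructed SSID
    for n in (8, 20, 40, 63):
        print(n, round(effective_entropy_bits(n), 1))
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name, and the entropy figures show that a random passphrase stops adding strength once it exceeds the 256-bit key it is hashed into.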
Devinco
September 14th, 2006, 07:40 PM
Creekside Rogue,
Here is some info on WPA (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access), TKIP (http://en.wikipedia.org/wiki/TKIP), and WPA2 (http://en.wikipedia.org/wiki/WPA2).
Alphalutra1,
What do you think?
WPA was an interim measure until WPA2 was approved.
All WPA uses TKIP (to allow compatibility with older hardware except 1st generation access points) so there is no difference between WPA and WPA-TKIP.
WEP and WPA both use RC4 encryption.
WPA2 uses AES encryption, so is WPA-AES the same thing as WPA2?
Or was there another interim version of WPA called WPA-AES before WPA2 (the IEEE 802.11i standard) came out?
If your hardware only has a setting for WEP, can it still be set up for WPA-TKIP?
Or does the hardware specifically have to support WPA?
WEP is not worth bothering with because it can be cracked in less than 45 seconds.
Why have a false sense of security by using WEP?
If your hardware does not allow for WPA or WPA2, then people should upgrade their hardware if they want to communicate securely on wireless within the LAN.
Alphalutra1
September 14th, 2006, 08:35 PM
-{ Quote: "
Alphalutra1,
What do you think?
WPA was an interim measure until WPA2 was approved. " }-
Yes it was, it was to fill the gap before 802.11i (from which WPA2 comes) was instated.
-{ Quote: "
All WPA uses TKIP (to allow compatibility with older hardware except 1st generation access points) so there is no difference between WPA and WPA-TKIP.
WEP and WPA both use RC4 encryption.
WPA2 uses AES encryption, so is WPA-AES the same thing as WPA2?
Or was there another interim version of WPA called WPA-AES before WPA2 (the IEEE 802.11i standard) came out?" }-
Well, WPA-AES doesn't use RC4, since it uses AES for encryption. However, WPA-AES was another gap filler that some hardware makers used before WPA2 came out since AES encryption is hardware based and thus is much faster than the TKIP with RC4. Also, an added security measure to WPA was the MIC which eliminated the bad CRC in WEP. I believe that WPA-AES is almost identical to WPA2 in all but name, but I may be corrected on this one.
-{ Quote: "
If your hardware only has a setting for WEP, can it still be set up for WPA-TKIP? " }-
No unfortunately, game adapters are a great example of this. Almost none of them support WPA.
-{ Quote: "
Or does the hardware specifically have to support WPA?" }-
Yes
-{ Quote: "
WEP is not worth bothering with because it can be cracked in less than 45 seconds. Why have a false sense of security by using WEP? " }-
It is a nice deterrent to prevent accidental connections, but if someone wants to access your network and you have WEP, they will.
-{ Quote: "
If your hardware does not allow for WPA or WPA2, then people should upgrade their hardware if they want to communicate securely on wireless within the LAN." }-
Yes, except that some hardware upgrades do cost money, and there may not be any other alternatives.
However, you can encrypt your network using OpenVPN for the encryption, and use some sort of authentication in order to allow a user to connect or not. That is what many businesses did prior to WPA coming out, since WEP was so insecure.
Devinco
September 14th, 2006, 11:40 PM
Thank you for all the answers and info Alphalutra1.
-{ Quote: "However, you can encrypt your network using OpenVPN for the encryption, and use some sort of authentication in order to allow a user to connect or not. That is what many businesses did prior to WPA coming out, since WEP was so insecure." }-
This is very interesting.
In another thread previously, you mentioned using OpenSSH in place of the usual Windows file sharing within a LAN.
I've always assumed that SSH and VPN are only used remotely (from a computer within a LAN to a remote computer within a different LAN).
You set these up for communication within a LAN, both client and server?
Does it work well?
You just set it up to connect to the local non-routable IP address of the other computer within the LAN?
Any special requirements like using static IPs on the LAN instead of dynamic IPs?
Which is better OpenSSH or OpenVPN for the purpose?
What situation would you pick one or the other?