Powerline Networking and Security Considerations

Hello everybody,

I am busy helping a budding who is very security conscious in terms of his network. We need help in regards to a problem and hope that the community can help me. We have spent hours asking google for answers, but to no avail.

The scenario:
My buddy is in the finance industry and thus he is working with sensitive information, in regards to clients and transactions. He moved into a new house where I helped him setup his wifi. We used a complete RADIUS server setup, own CA to issue certs, etc. to secure his wifi network. The problem is that it is a double story home where the wifi doesn't reach everywhere. We tried to use the conduits in the home to pull Ethernet cables, but to our surprises the conduits is filled with cement (actually a very common occurrence in South African homes). So the only remaining option would be to drill and pull cables through the home. The only problem is that there is no way to hide the unsightly cables from view.

Being the tech savvy person he is, he suggested we use powerline adapters. We did get a pair and tested them and to our surprise they worked really well.

The only problem he is having now, he feels that the encryption with the powerline adapters is to weak to protect his interests. The powerline adapters doesn't belong to him, so we still have to buy. So the solution can be applicable to any powerline network e.g. Homeplug, DS2, etc.

Our question to the community is, how do you secure a powerline network with 802.1x or any other protection mechanism. If you could explain what hardware we must use and a possible setup plan, we would appreciate it greatly. We would also appreciate any links to websites, manufacturers, references to books or personal experience that can help us understand how to setup such a security system. Seeing that there is nowhere any article (that we could find on the web) I believe this is an important question that could help a lot of other members in the future.

Thank you for your help,
pcgeek1024 from South Africa

 

Here is an example of built-in security available from the Trendnet powerline products copied from their user guide PDF:

"Assuming your TPL-402E powerline adapters are already plugged into wall power outlets and either currently connected or disconnected to each other.
1. Push and hold the Sync button on one of the TPL-402E powerline adapters for 10 seconds and release it. All LEDs will turn off and turn back on. This will erase the current network name/security key assigned to the first powerline adapter.
2. Push and hold the Sync button on the other TPL-402E powerline adapter for 10 seconds and release it. All LEDs will turn off and turn back on. This will erase the current network name/security key assigned to the second powerline adapter.
3. Push and hold the Sync button on the first TPL-402E powerline adapter for 2 seconds and release it. The PWR LED will start blinking. This will initiate sync/connection and generate a random network name/security key assignment to the first adapter.
4. Within 2 minutes (120 sec), push and hold the Sync button on the second TPL-402E powerline adapter for 2 seconds and release it. The PWR LED will start blinking. This will establish connectivity between the two powerline adapters by assigning the second powerline adapter’s network name/security key to match the network name/security key of the first powerline adapter.
5. To verify connectivity between the two powerline adapters, make sure that the PL LED on each powerline adapter is on solid (Green, Amber, Red)."

Data between the powerline products is secured using AES encription according to the product data sheets and user guides.

Hope this helps....

 

I've seen Netgear Powerline Adapters where the remote end offers an Ethernet connector instead of WiFi. As long as you have an A/C socket close to where you want to setup the second story computer you don't have to deal with WiFi at all.