| 1 |
Grant wrote: |
| 2 |
>>> My Gentoo router's wireless network is encrypted via WPA and doesn't |
| 3 |
>>> DHCP. I'd like to take this a step further in case my WPA key gets |
| 4 |
>>> hacked. Can I issue only certain IPs to certain MAC addresses? |
| 5 |
>>> |
| 6 |
>>> Does WPA2 require hardware support? |
| 7 |
>>> |
| 8 |
>> I don't think so. It should just be a driver/firmware update if you've |
| 9 |
>> got some device that supports WPA and not WPA2. The AES encryption of |
| 10 |
>> WPA2 requires a little more hardware power than WEP or WPA normally |
| 11 |
>> uses, but I don't think it needs any special chip or anything like |
| 12 |
>> that. |
| 13 |
>> |
| 14 |
>> You can also do VPN over your wifi connection, and require it for |
| 15 |
>> access to the rest of your network or the internet. At least then if |
| 16 |
>> someone hacks your wireless key, they still can't do anything without |
| 17 |
>> having your VPN certificate. |
| 18 |
>> |
| 19 |
> |
| 20 |
> It sounds like VPN may be the strongest thing going. Could I turn off |
| 21 |
> WPA and keep everything hidden within the VPN? Could I use a password |
| 22 |
> instead of a certificate for access? Is the only downside that the |
| 23 |
> client needs to have VPN software installed? |
| 24 |
> |
| 25 |
> - Grant |
| 26 |
> |
| 27 |
> |
| 28 |
That's not much of a downside, VPN encryption (IPsec, SSL, L2TP, and |
| 29 |
maybe PPTP) is usually more secure than that datalink-layer WPA or WPA2 |
| 30 |
anyway. As for if you can set it up without a certificate, I believe |
| 31 |
that PPTP and L2TP can operate with nothing more than a "shared secret". |
| 32 |
But, a certificate just makes it all the more secure. And yes, your |
| 33 |
transmitted data will still be encrypted in a VPN even if you're using |
| 34 |
an open wireless hotspot. |
Archives