Grant wrote:
>>> My Gentoo router's wireless network is encrypted via WPA and doesn't
>>> DHCP. I'd like to take this a step further in case my WPA key gets
>>> hacked. Can I issue only certain IPs to certain MAC addresses?
>>>
>>> Does WPA2 require hardware support?
>>>
>> I don't think so. It should just be a driver/firmware update if you've
>> got some device that supports WPA and not WPA2. The AES encryption of
>> WPA2 requires a little more hardware power than WEP or WPA normally
>> uses, but I don't think it needs any special chip or anything like
>> that.
>>
>> You can also do VPN over your wifi connection, and require it for
>> access to the rest of your network or the internet. At least then if
>> someone hacks your wireless key, they still can't do anything without
>> having your VPN certificate.
>>
>
> It sounds like VPN may be the strongest thing going. Could I turn off
> WPA and keep everything hidden within the VPN? Could I use a password
> instead of a certificate for access? Is the only downside that the
> client needs to have VPN software installed?
>
> - Grant
>

That's not much of a downside, VPN encryption (IPsec, SSL, L2TP, and
maybe PPTP) is usually more secure than that datalink-layer WPA or WPA2
anyway. As for if you can set it up without a certificate, I believe
that PPTP and L2TP can operate with nothing more than a "shared secret".
But, a certificate just makes it all the more secure. And yes, your
transmitted data will still be encrypted in a VPN even if you're using
an open wireless hotspot.