In the course of my security training at work, I learned many things about security – especially securing wireless networks. In a previous posting many years ago [quite litterally – Sept. 2004], I talked about securing a Wireless network. I was wrong on one topic though: DON’T disable the broadcasting of the SSID. I read a good article on the microsoft web site that basically says it’s more secure to NOT disable the broadcast. In other words, don’t hide the SSID – there are holes in the way XP processes hidden wireless networks which actually causes them to be exposed by the client anyway. Since then, I have made changes and un-hidden the network, while keeping it WPA and now WPA2.
This week, though, my manager allowed me to expense a new wireless router which supports an additional level of security: WPA-Enterprise using RADIUS. I got this to learn more about how ISA & IAG (MSFT’s version of RADIUS) work in concert with a PKI infrastructure and wireless network security. With the new device [which is also stronger for better signal coverage] I will set up an 802.1X certificate-based RADIUS authenticated wireless LAN that should be the most secure home wireless network ever. Corporations do it, but I’ve never seen one in a home before.
But then, not many people have the fun toys at home that I do…
::: jeffphillips.org ::: 