802.11 Wireless Attacks & Detection/Defense  Home ToC Prev Up Next 
802.11 overview
Attacks
Detection
Defense
Disabling SSID
AP modifications
+Best practice
EAP selection
Conclusion
  

Best practice

  • Do not use WEP encryption, EAP-MD5, LEAP authentication - if your firmware does not support stronger encryption/authentication methods, always use an IPSEC/VPN solution

  • Replace WPA/TKIP with WPA2/CCMP if it is possible

  • Use WPA-PSK with truly random keys

  • Use secure EAP (PEAP, EAP-TLS, EAP-TTLS, ..)
Copyright © 2005 Pavol Lupták, ICZ a.s.  Prev Next