WPA Vs WPA2 Vs Radius

Discussion in 'Computer Software and Operating Systems' started by godreborn, Jun 15, 2018.

  1. godreborn
    OP

    godreborn GBAtemp Guru

    Member
    8
    Oct 10, 2009
    United States
    what is the difference between these wireless security methods and what about the enterprise versions of WPA? 'cause I think my printer only supports WEP and WPA V1. thanks!
     
  2. cracker

    cracker Nyah!

    Member
    6
    Aug 24, 2005
    United States
    WEP is the least secure, then WPA followed by WPA2. So use WPA and consider MAC filtering to only allow your devices to connect. Hiding the SSID can prevent layusers from seeing the network as well. You could also bridge another router in WPA mode onto your current router (in WPA2 mode) and use port forwarding/firewalling/etc. on the current router to block access to all but what the printer requires.
     
    godreborn likes this.
  3. Lacius

    Lacius GBAtemp Guru

    Member
    13
    May 11, 2008
    United States
    WPA2 is the only secure option. MAC filtering and hiding the SSID don't offer much protection.
     
    godreborn likes this.
  4. Searinox

    Searinox <3

    Member
    5
    Dec 16, 2007
    Romania
    In particular WPA2-AES is the best option. Consider also any firmware updates for the router after a major vulnerability was found in the protocol a year ago.
     
    godreborn likes this.
  5. godreborn
    OP

    godreborn GBAtemp Guru

    Member
    8
    Oct 10, 2009
    United States
    will wpa2-aes allow existing systems to work (i.e. windows 7/10, the 3ds, the vita/pstv, the ps3, the xbox 360, the wii u, and the switch)?
     
  6. Searinox

    Searinox <3

    Member
    5
    Dec 16, 2007
    Romania
    All of the hardware and OSs you listed in your example are supported. I'd be surprised if not. This implementation has been mainstream for over a decade.
     
    Last edited by Searinox, Jun 15, 2018
    godreborn likes this.
  7. Originality

    Originality Chibi-neko

    Member
    7
    Apr 21, 2008
    London, UK
    To answer the question about Radius, enterprise security is the most secure out of all methods but requires a lot more to set up (namely, a dedicated authentication server to check against logon attempts). For your personal needs, you should only consider WPA2.

    WEP is virtually no security and takes a phone seconds to crack. WPA has long since has its vulnerabilities published and takes a phone maybe a minute to crack. WPA2 has only recently been discovered how to crack, but it’s not been published and takes a lot to crack, making it suitable for your needs as the only consoles that can’t use it are DS and PSP.
     
    godreborn likes this.
  8. godreborn
    OP

    godreborn GBAtemp Guru

    Member
    8
    Oct 10, 2009
    United States
    thanks. should the wpa2 passphrase be something easy to remember or something complicated?
     
  9. Originality

    Originality Chibi-neko

    Member
    7
    Apr 21, 2008
    London, UK
    If you want to be secure, it needs to be long with a mix of 4lPh4Num3r1cs! And [email protected] characters. You can use a few methods to simplify connection afterwards (WPS, WiFi-key, QR code, etc).

    Personally, I think a long phrase with a twist is best. E.g Iwant1pineapple?

    Remember that if you use common words (e.g adminpass) then it’ll get beaten by a dictionary attack. And if you only do simple obfuscation (e.g 4dm1np4ss) without adding capitals and special characters, it can get beaten by a rainbow attack (I think that was the term). If it’s a more complicated password, then the only way to beat it is to brute force it, in which case every digit makes it take exponentially longer to break.
     
    godreborn likes this.
  10. godreborn
    OP

    godreborn GBAtemp Guru

    Member
    8
    Oct 10, 2009
    United States
    do I need to select the security type with any of my examples? I mean can I just use the same key as my passphrase when switching from wep to wpa2 without having to do anything extra?
     
  11. Originality

    Originality Chibi-neko

    Member
    7
    Apr 21, 2008
    London, UK
    When you switch from WEP to WPA2, you will have to re-connect every device to your AP. The only way around this is if you use WPS, which can disable the pass-key requirement temporarily (30-60 seconds if I remember) whilst you re-connect them.

    In most cases, it will detect the security type automatically. If not, it’s a simple case of selecting WPA2 as the security type and the rest are defaults.
     
    godreborn likes this.
  12. godreborn
    OP

    godreborn GBAtemp Guru

    Member
    8
    Oct 10, 2009
    United States
    so is it wise to use the same key from wep as my passphrase for wpa2? my main concern is if someone broke into my router and grabbed the security key. it's probably unlikely that that's happened, but I do want to make sure I'm secure. I just don't want to redo everything for all devices. with that being said, should I create a new passphrase? I've been using mac filtering to mask my SSID, but does that offer any more security?
     
  13. Originality

    Originality Chibi-neko

    Member
    7
    Apr 21, 2008
    London, UK
    If you think someone has your previous key, then absolutely change it. Even if it’s annoying to sign everything back in, do it anyway. The risks of someone being able to do whatever they want in your network.........

    Hiding your SSID protects against casual snoopers but anybody determined to connect to your network will still find it easy. The same tools are used to scan nearby WiFi networks (even those not broadcasting their SSID) and to crack weak encryptions, all from your phone. And if they’ve connected to you once, the only thing stopping them from connecting again when your SDID is hidden, is one single checkbox in network properties.

    It’s a little long winded, but there are ways to detect unauthorised access if your router supports logging (and most do). You should be able to see the MAC address of everything connected normally, check against the MAC address of everything in your house, and then blacklist anything that you don’t recognise. Even this is only a weak defence against casual infiltrators because someone determined enough can still spoof the MAC of some other device on your network.
     
    godreborn likes this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice