With the growth of wireless networking a very common question we hear is “How should I secure my WLAN?”
Well as I said in my last post, “It Depends”
What are you looking to do? Do you have administrative control of the devices that are going to be on the network? Do you have AAA, want to implement one, what about PKI? Oh and my favorite question, is your LAN secure?
Don’t get me wrong, I love a well oiled EAP-TLS environment (PKI is required here folks it is not an option) . But if I can walk in and connect my laptop to the LAN and get access to your network, what’s the point in securing the wireless?
I am by no means saying that you should have a completely open wireless network. Except for guest, that needs to be open and ACL to high heaven to just have internet access. You need to have a secured wireless network, encryption at a minimum.
So notice I said encryption at a minimum.
WEP TKIP and AES-CCMP are encryptions. PSK or even better 802.1X are authentications.
PSK is a shared key. Think of this like the password to your clubhouse as a kid. It could be overheard and anyone could have it.
802.1X uses either credentials (usually domain) or certificates (PKI). Everyone has been trained to not share their domain login.
So decide how much you want to invest in your security, PSK minimal, TLS high. And remember to secure all your layer 1.