| About WiFi Protected Access |
|
It has been well publicised that the older, but still widely used, WEP encryption standard is vulnerable to attack. In fact, open source tools to crack your WEP key are freely available and can normally do their job in ours or days (see for instance this Sourceforge project). WPA (and WPA2/802.11i, which for the purpose of the discussion below can be considered the same) is the next generation encryption standard for WiFi networks that does not suffer from the vulnerabilities of WEP. There are two flavours: WPA-Personal and WPA-Enterprise. Any access point that supports WPA, will support both WPA-Personal and WPA-Enterprise. WPA-Personal As the name suggests, this form is useful for personal use. The system is, like WEP, based on a what is called a “pre-shared key.” The encryption uses a key that is shared between the client and the access point. It is very easy to set-up, since all you need to do is enter the key on the access point and on the clients. For business use, there are two drawbacks to WPA-Personal. First, unless you choose a key that is long enough and random enough (the technical term is that is must have enough “entropy”), WPA-Personal is vulnerable to brute-force and dictionary attacks. For this reason, some advocate to abolish WPA-Personal all-together (see for instance here for a proof-of-concept tool to attack the WPA-Personal pre-shared key). A second drawback is that WPA-Personal is not very scaleable. If you decide to change the key, you not only have to change it on all your access points, but also on all your clients. Depending on the number of access points and clients, this can vary from being a simple to an impossible task. Now, we are not saying that you should not be using WPA-Personal. If your operation is sufficiently small and your are certain that the pass-phrase that you have chosen cannot be cracked, WPA-Personal may be fine for you. If you have doubts, we have an easy solution for you. WPA-Enterprise As the name suggests, this standard is suitable for business use. It uses a protocol called EAP (Extensible Authentication Protocol) to authenticate a user against a centralized server. All access points ask the centralized server for permission to allow the user to connect. It is easy to add and suspend users that you want to allow to access your wireless network, without changing anything on any of your access points or clients! Authentication can be based on a username/password that has to be provided by the client, or on a certificate-based method whereby both the server and the client have to prove to each other who they are by presenting the proper certificate. When both are satisfied, the client is allowed to connect. Set-up of the access point is trivial: all you have to do is configure it to point of BoxedWireless's authentication server and the access point will relay all authentication requests to us. BoxedWireless's Service We provide a centralized WPA-Enterprise Authorization service. We enable you to create and disable users and passwords. and create and revoke certificates through an easy-to-use web-based interface. There is no need to set-up your own RADIUS Server or Certification Authority - we have done all of this for you. Our service comes with a 30-day satisfaction guarantee. If you cancel within this period, we will refund all your money and in return all that we ask is that you complete a short survey on why you chose to cancel. If you have more detailed questions, please read our FAQ Section. To try the service, go to the first step of the sign up process. |