Lab Notes

George Ou has an article detailing "the six dumbest ways to secure a wireless LAN". While these security measures won't make your Wi-Fi network less secure, they don't do much to make it more secure. MAC address filtering and SSID hiding will keep a casual user (of the "fire up my laptop and see if I can connect to an open Wi-Fi network" variety) off your LAN, anybody with a modicum of Wi-Fi savvy will be able to get right on. He's also right about LEAP: password data is not encrypted in transit, making offline password-guessing attacks trivial. Where he's wrong is his description of EAP-FAST. It is, in fact, an open standard. What's more, EAP-FAST should work with any 802.1X-capable access point. The nice thing about EAP — from an access point maker's standpoint — is that the access point doesn't need to know anything about EAP protocols. The access point merely acts as a relay — it's the client and server that do all the EAP heavy lifting. Any access point that supports EAP-TTLS, PEAP, or LEAP should work just fine with EAP-FAST.