January 05, 2004
Security for Wireless Routers/APs

Security options for wireless networks on consumer-grade routers, listed from
most to least secure:

1) WPA-PSK should be the preferred choice if it works:
- Requires the Microsoft Q826942 patch on Windows XP
- Select a password made of at least 20 random characters; otherwise it may be vulnerable to dictionary attacks
- Use AES rather than TKIP for performance reasons (Broadcom
chipsets support it and have an AES hardware solution)

Notes:
- Netgear WGT624 doesn't support AES (based on Atheros chipset)
- Cannot use WPA with the Dell TrueMobile 1300: it blue-screens when
resuming from standby/hibernation. Most likely a driver issue, which
hopefully will be corrected.

2) WEP 128-bit:
- Use Open System authentication. Never use Shared Key authentication, as it
makes it easier to capture the WEP key:
http://www.dslreports.com/forum/remark,8645211~mode=flat
- Generate a random WEP key rather than having the hardware derive it
from a passphrase, since a passphrase-derived key is vulnerable to dictionary attacks
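
The two key recommendations above (a 20-character random WPA-PSK password and a random 128-bit WEP key), as an added example that is not part of the original post. The function names and the sample SSID are assumptions made for illustration; the PSK derivation shown is the PBKDF2 construction from the 802.11i standard, which the post does not describe.

```python
import hashlib
import math
import secrets
import string

# WPA passphrases are 8-63 printable ASCII characters; this set has 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_wpa_passphrase(length=20):
    """Draw each character independently from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_wep128_key():
    """'128-bit' WEP has 104 secret bits (plus a 24-bit IV): 26 hex digits."""
    return secrets.token_hex(13).upper()


def entropy_bits(length, alphabet_size):
    """Guessing entropy of a uniformly random string."""
    return length * math.log2(alphabet_size)


def wpa_psk(passphrase, ssid):
    """PSK as defined in 802.11i: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.

    The result depends only on passphrase and SSID, which is why a guessable
    passphrase can be tested offline against a word list.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("ascii"), 4096, 32
    ).hex()


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed sample SSID
    passphrase = random_wpa_passphrase()
    print("WPA passphrase:", passphrase)
    print("Entropy (bits): %.1f" % entropy_bits(len(passphrase), len(ALPHABET)))
    print("Derived PSK   :", wpa_psk(passphrase, ssid))
    print("WEP 128 key   :", random_wep128_key())
```

A 20-character password drawn this way carries about 131 bits of entropy, far beyond what a dictionary covers.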

General Notes:

- Do not hide the SSID. Hiding it gives a false sense of security and may have a
performance impact:
http://www.dslreports.com/forum/remark,8735225~mode=flat

- It's OK to add MAC address filtering for wireless clients, but it doesn't
add much security benefit. MAC addresses can be easily spoofed, and they
can be captured from the existing traffic of any already associated clients.

Posted by dracula at 04:27 PM
License:
Creative Commons License