Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very long psk string. Ensure your clients aren't vulnerable to the blueborne and other wifi ota exploits. Not much else you can do really unless you want to run a radius and/or cert pki in-house to do eap-tls, or peap. You can crack against wpa2, but unless using an easy string, it's not easy or assured they will figure out your string.

I use a 32char random string, special characters, really annoying when adding new devices, but I don't worry about someone cracking it.

-mb

On Thu, Nov 23, 2017 at 2:58 PM, <techlists@phpcoderusa.com> wrote:

Hi,

I would like to "Harden" my WIFI and am not sure where to start. I seem to recall past discussions on replacing the standard equipment provided by our ISP.

I would like to make it very difficult to hack my WIFI and I would like a firewall. And I would like this to be "Plug and Play" as much as is possible. In other words I would like to stay away from installing a Linux firewall on an extra PC and then having to maintain it.

Please feel free to let me know if my expectations are not valid.

Thanks in advance!!

Keith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss