Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very
long psk string. Ensure your clients aren't vulnerable to the blueborne
and other wifi ota exploits. Not much else you can do really unless you
want to run a radius and/or cert pki in-house to do eap-tls, or peap. You
can crack against wpa2, but unless using an easy string, it's not easy or
assured they will figure out your string.
I use a 32char random string, special characters, really annoying when
adding new devices, but I don't worry about someone cracking it.
-mb
On Thu, Nov 23, 2017 at 2:58 PM, <
techlists@phpcoderusa.com> wrote:
>
> Hi,
>
> I would like to "Harden" my WIFI and am not sure where to start. I seem
> to recall past discussions on replacing the standard equipment provided by
> our ISP.
>
> I would like to make it very difficult to hack my WIFI and I would like a
> firewall. And I would like this to be "Plug and Play" as much as is
> possible. In other words I would like to stay away from installing a Linux
> firewall on an extra PC and then having to maintain it.
>
> Please feel free to let me know if my expectations are not valid.
>
> Thanks in advance!!
>
> Keith
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)