Wednesday, March 9, 2011

Wireless Security and Handhelds

I just switched the wireless security in our office over from WEP, highly insecure and just not done in business environments anymore, to WPA. I would have chosen WPA2 but our wireless AP doesn't support it and is unfortunately EOF by the manufacturer so there are no firmware updates forthcoming to add this functionality. I could muck around with DD-WRT but I prefer to steer clear from that kind of experimentation on production devices. No one would be happy if I brick our lone wireless AP.

As with any change, you always know that something will break, and sure enough I had an employee come to me and report that her HTC Evo had stopped connecting to the wireless even though I'd updated her settings the day before. It was stuck in a loop of trying to get an IP address. I checked the AP and the MAC address wasn't showing up in the table at all. A little research yielded a little-known factoid: first of all, Android phones have problems connecting to WPA using AES and function much better using TKIP, and second of all AES is not actually part of basic WPA but is actually specific to WPA2. It may have something to do with the fact that AES is hardware-based encryption whereas TKIP is software-based. Once I changed the encryption to TKIP, her phone connected with no problem. Of course, TKIP is less secure, but we have to make adjustments.

One to grow on. 

No comments:

Post a Comment