Re: Suggestion for wireless router
Date: Sun, 05 Jun 2005 22:08:57 -0400
In article <firstname.lastname@example.org>,
"Roeland Th. Jansen" <email@example.com> writes:
> firstname.lastname@example.org wrote:
>> But it's probably about time I learned more about wireless. I bring a
>> wireless (a/b/g) laptop home from work sometimes, so for now I just need
>> to get a router. My first inclination would be a Linksys WRT54G, but
>> that's a relatively uninformed opinion.
>> Considering that it's planned as something of a learning toy, what would
>> recommendations here be?
> it's good, cheap and runs linux. you have the option for several other
> firmwares as well. go fot it. probably will cost approx $ 60...70 there.
Thanks to all who replied. I did end up getting the WRT54G, and tonight
filled out the rebate slips to go into the mail tomorrow.
Lacking any warnings, I went with the WRT54G because it is hackable and
popular. The biggest reason for getting it was learning, and I wanted
starting knowledge to be a bit more transportable than hacking a Linux
solution with a wireless card. Not that the latter won't be interesting
in its own, and perhaps better in the long run. But I can also look
into the aftermarket Linux culture for the WRT54G, in the long run.
The box was remarkably easy to set up, my biggest problem being a loose
cable on the WAN port. With that resolved, it's now fully integrated as
the router for the 3rd subnet of my home LAN.
On the security side, which is why I got the silly thing...
I use pwsafe to generate and store passwords, so my SSID is 31 random
chars long, and not broadcast. I use WPA security with what they call
"AES". Not knowing what all of this meant, I chose AES because it was
a known acronym, at least. With further reading, it turns out that I
chose well, because AES really implies CCMP, (?) a stronger method than
the "standard" TKIP. It also seems that WPA was an interim "standard"
because 802.11i was taking so long. They tried to make WPA as close to
what 802.11i was going to be, and in fact WPA/AES *is* 802.11i, aka
WPA2. Oh, I also use a 63 random character WPA key from pwsafe. Plus I
filter on MACs.
Obviously all of this isn't going to be perfect, just presumably good
enough to send people somewhere else. For that matter, most of the
time I just turn wireless off, since for now it only talks to my work
laptop, which usually stays at work. That's about as secure as using
scissors to firewall cat5.
Question on my mind, at the moment:
Would I be better off with WPA/Radius? I can get either FreeRadius or
GNU-Radius, though I'll wait at least until I get my LDAP/Kerberos up
and running. (But that's a different story.)