Home Wireless SecurityBy CWNP On 02/07/2008 - 4 Comments
Cisco just released an article talking about how greater diligence is needed toward home Wi-Fi security.
No doubt about it - they're right. So what is the market supposed to do? We have Wi-Fi Protected Setup (WPS) that dumbs Wi-Fi security down to a point where any chimpanzee could configure it. In my humble opinion, configuring WPA2-Personal with a strong passphrase is almost that easy as well when you're dealing with a SOHO class AP or WLAN router. I'm not sure it can get any easier from a technical standpoint. Hey, wait, I've got an idea - EDUCATION!
That's right, the answer to this problem is education. While some technical options exist to help this situation, like the Remote AP (RAP) offered by Cisco, Aruba, and several others, often this option isn't available.
Organizations should REQUIRE that telecommuters be educated on the proper use and security of the AP (or whatever Wi-Fi system) and the client devices that will be deployed in the home. Typically those devices are SOHO-class, and the user interface is very simple. This type of education would likely be 4-8 hours in length and cover the basics of logging into the interface, configuring the WLAN (channel, power, SSID), and configuring WLAN security (e.g. WPA2-Personal). It would also be beneficial to cover use of WPS with PINs and the like.
It's my perspective that the fault currently lies with the organization implementing Wi-Fi technology. They either don't know that they should educate their workforce or they refuse to do so. Either way, the ball is being dropped and security suffers. Just my $0.02 on the matter. :)