Re: What can WPA/WPA2 use for Encryption

[Jared Curtis <jared () w00ttech com>]

WPA2 can only use AES/CCMP for the encryption but you can use various
EAP methods for a more secure authentication setup.  EAP-TLS for
example uses client certificates along with a username/password for
authentication.  WPA is similar using RSA/TKIP for the encryption and
key handling.  If given the option use WPA2.

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#EAP_extensions_under_WPA-_and_WPA2-_Enterprise

The type of equipment that the provider offers and the level of access
is really going to determine if you can add any additional security
over a PSK.

If this is a point-to-point connection that is not intended to accept
connections from wireless (laptop, phone, etc) clients then a long
random PSK would be sufficient to offer a secure connection.

If the provider can not provide you with the level of authentication
and/or encryption you need then I would suggest using a vpn connection
between the sites.  Treat the point-to-point connection as a standard
Internet link and firewall access, then establish a VPN between the
sites.  Using a VPN over the connection will allow you to enable any
security measures you need and provide authentication using your
preferred method.

In reference to the second question, microwave connectivity could be
standard 802.11 wifi or it may be another standard within a licensed
frequency.

On Tue, Aug 25, 2009 at 7:41 AM, martin<martiniscool () gmail com> wrote:
> Hi all
>
> We're in the process of installing a leased line between 2 offices which are
> isolated in the country side. The leased line uses "microwave" connectivity
> ... apparently. And uses WPA/WPA2 for encryption
>
> I have 2 questions:
> 1. Can WPA/WPA2 encrypt traffic using any method other than a pre-shared-key
> ?  If so then what ??!!  My boss seems to think it can but I don't see how.
>  Can it use PKI for example ?
>
> 2. Technically a network question rather than a security question, but what
> exactly is microwave connectivity ?  Is it just Wi-Fi by another name ?  Is
> it part of the 802.11 standard ?
>
> The 2nd question isn't so important, but I'm curious about the first one !!
>
> Thanks
> M
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------