How can I configure my wireless network for the strongest security?

Definitely WPA2 - it replaces WPA and is considered "secure". Use AES (TKIP has flaws) with a pre-shared key; make it > 13 characters and as random/secure as possible. This should pretty much guarantee that no one can get into your home router. Not that anyone ever would want to, though -- there are plenty of unsecured APs out there that they'd use first.

MAC address filtering is basically useless as the MAC is sent unencrypted, so anyone watching packets could wait for a MAC to come along that is authenticated, then spoof that (trivial). It just adds overhead to your management ("I got a new laptop, why can't I get on my wireless? OH gotta add the MAC, D'oh!")

Disabling SSID broadcast is also not really useful as that is also easily derivable by sniffing the wireless traffic. Again, it only adds a bit of headache when you want to reconnect to your network ("What was my SSID again? Ah right, 'SDFSADF'")

If you can set up a home-based VPN on your system as well, that adds an additional level of security. I set my home wireless router to place wireless users in the DMZ (aka internet) so they cannot access my home network unless further logging in via VPN (another username/password w/login timeouts/resets the cracker would have to defeat). For the near future and against a non-governmental cracker, this is secure. :D


What I usually do when setting up a wireless network:

  • Use WPA2-PSK encryption using AES if possible (AES offers stronger encryption than TKIP), with as long / complex a passphrase as possible.
  • Enable MAC filtering, so the network only accepts devices with a certain physical address (MAC address). This security measure is easy to get around and not practical in some scenarios, but if possible, I still usually enable it.
  • Hide the SSID broadcast of the network. This way, the network does not publicly announce its presence. Again, not always practical, but if possible I do enable it.
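
Both answers above recommend a long, random WPA2-PSK passphrase. The following is an added example, not part of either answer: it generates such a passphrase, checks a candidate against the WPA2-PSK limits (8 to 63 printable ASCII characters), and shows the standard key derivation, PBKDF2-HMAC-SHA1 salted with the SSID. The excluded characters, the default length of 24 and the SSID `ExampleHomeNet` are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII minus quotes, backslash and backtick, which some router web
# forms mishandle (an assumption of this example, not a WPA2 rule).
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "\"'\\`")

MIN_RECOMMENDED = 14         # "> 13 characters", as the first answer advises
WPA2_MIN, WPA2_MAX = 8, 63   # passphrase length limits of WPA2-PSK


def generate_passphrase(length=24):
    """Return a random passphrase drawn uniformly from ALPHABET using the OS CSPRNG."""
    if not MIN_RECOMMENDED <= length <= WPA2_MAX:
        raise ValueError(f"length must be {MIN_RECOMMENDED}..{WPA2_MAX}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase is acceptable."""
    problems = []
    if not WPA2_MIN <= len(passphrase) <= WPA2_MAX:
        problems.append("WPA2 passphrases must be 8 to 63 characters")
    elif len(passphrase) < MIN_RECOMMENDED:
        problems.append("shorter than the recommended 14 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def derive_pmk(passphrase, ssid):
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    pw = generate_passphrase(24)
    print(pw, f"~{entropy_bits(24):.0f} bits", check_passphrase(pw))
    print(derive_pmk(pw, "ExampleHomeNet").hex())  # constructed SSID
```

Because the SSID is the salt, the same passphrase produces a different key on a differently named network.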