How secure is NXA-WAP200?

pbrinckmann

I have a client that is worried about their network (like most) and they heard somewhere that the NXA-WAP200G is not as secure as some other brands.

Is this just someone talking or is there some possible truth to it? I know a lot of it depends on how it is set up.

Hedberg

As far as security capabilities, I think the main problem is actually with the 11b wireless touch panels which support only WEP. WEP is not secure.

What we do with the access points that we install (either WAP200G or others) is turn off the SSID broadcast and engage MAC address filtering. The only time that I engage WEP is if the customer asks for it. If a miscreant is resourceful enough to find the access point without SSID broadcast and clever enough to sniff out and mimic a MAC address, WEP won't offer much of a hurdle, I think. I believe that the 11g touch panels will support WPA and I have not heard that the WAP200G isn't secure with the WPA available, but I don't actually know that for certain.

I think the best thing to do is to isolate the AMX network from anything that the client considers to be too important to expose given the inherent insecurity of a system that supports nothing better than WEP.

yuri

get the new WAP250G
it supports WPA if im correct

ericmedley

Another way to help make the 'b' side more secure is to require the user(s) to enter the WEP key as apposed to having the WAP send one out. You basically do this by entering in only one possible WEP key in the WAPs management. Then turn off the SSID broadcast.

Then have the users 'uncheck' the "My WEP key is automatically provided for me" in Windows. You also have to set up the same key in the Touch Panel setup menu.

DHawthorne

The encryption protocols are standard. There is no way for one brand to be "less secure" than another if they are running the same protocol. They are most likely thinking of the older ones that only supported WEP, but that is going back quite some time.

ericmedley

DHawthorne wrote:

The encryption protocols are standard. There is no way for one brand to be "less secure" than another if they are running the same protocol. They are most likely thinking of the older ones that only supported WEP, but that is going back quite some time.

I suppose I should be a little more specific. I did not mean to imply that one could make a wierless b network more secure in the sense of someone monitoring the traffic. That's one thing I always tell people. There is no such thing as a secure wireless network. If you're broadcasting, it can be recieved and figured out.

I was referring to keeping jokers off the network by making it harder to log in and get an IP address.

It's always a matter of degrees. I know that in theory my home wireless network is capable of being broken into. However, I'm never really safe from that kind of hacker anyway. The best I can do is keep the riff-raff off. The people who have the knowledge and skill to get past the normal stuff usually have bigger fish to fry. (like banks or military installations)

So, yes one is always at risk. However, it's somewhat of an odds game. Besides, if you monitored my traffic, you'd probably get bored to death. And my bank account is not really worth robbing...

maxifox

pbrinckmann wrote:

I have a client that is worried about their network (like most) and they heard somewhere that the NXA-WAP200G is not as secure as some other brands. Is this just someone talking or is there some possible truth to it? I know a lot of it depends on how it is set up.

Could you please tell what exact worries the client has? Security in the wireless field is really a widespread topic - from encryption protocols and configuration (broadcasting SSID, MAC filtering etc.) to TEMPEST.