Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very
long psk string.  Ensure your clients aren't vulnerable to the blueborne
and other wifi ota exploits.  Not much else you can do really unless you
want to run a radius and/or cert pki in-house to do eap-tls, or peap.  You
can crack against wpa2, but unless using an easy string, it's not easy or
assured they will figure out your string.

I use a 32char random string, special characters, really annoying when
adding new devices, but I don't worry about someone cracking it.

-mb


On Thu, Nov 23, 2017 at 2:58 PM, <techlists@phpcoderusa.com> wrote:

>
> Hi,
>
> I would like to "Harden" my WIFI and am not sure where to start.  I seem
> to recall past discussions on replacing the standard equipment provided by
> our ISP.
>
> I would like to make it very difficult to hack my WIFI and I would like a
> firewall.  And I would like this to be "Plug and Play" as much as is
> possible.  In other words I would like to stay away from installing a Linux
> firewall on an extra PC and then having to maintain it.
>
> Please feel free to let me know if my expectations are not valid.
>
> Thanks in advance!!
>
> Keith
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>