Securing data sent to an unencrypted WiFi AP

Posted by David Parunakian on Server Fault See other posts from Server Fault or by David Parunakian
Published on 2011-06-24T11:56:30Z Indexed on 2012/12/15 5:09 UTC
Read the original article Hit count: 189

Filed under:
|
|

The business plan of a project I'm involved in assumes selling certain WiFi-enabled devices to end users. All these devices originally have an unencrypted connection and a standard SSID. The problem is that although the user can connect to it and set both a new SSID and a WPA passphrase, these are being sent to the AP in plain text and thus can be intercepted by anyone nearby with a sniffer. What's the best solution to this problem, and why?

  • Initially set up an encrypted wireless network at the device and supply the user with a printed passphrase
  • Buy an SSL certificate for the AP's default IP address or local domain name (the APs aren't supposed to work as a router and have a captive portal & dnsmasq installed, so all of them can pretend to be myunit.example.com, as far as I understand)
  • Something different

Thank you.

© Server Fault or respective owner

Related posts about security

Related posts about ssl