Get rid of devices that don't support WPA2?

[Dave Fey]

So I was configuring a printer yesterday and had a concern. Since a fence is only as strong as the weakest link, is using ANY device that merely has WPA (the old 2.4 standard but now very old) a weak point to be avoided now that we are at 2016 and laptops can have dual GPU's?

I'm starting to wonder if all things that don't at minimum have WPA2 need to be removed or changed out for powerline/Ethernet to avoid splashing a password handshake around the airwaves. If the question involves password complexity, I am well capable in that area and generate solid multi character type keys of at least 15 characters and often above 20. So the keys are pretty solid but is WPA so weak now that it should be removed from a network useage?

So many articles on the topic are 3-4 years old or worse.

 

[wh7qq]

Depends on your location. If you live in a congested metro/suburban area, go with the best security you can get. OTH, living in a sparsely populated rural area you can get away with much more. If you are concerned, WPA2/AES is the best bet. Better yet, Cat 5e or 6 cable.

 

[sfx2000]

So I was configuring a printer yesterday and had a concern. Since a fence is only as strong as the weakest link, is using ANY device that merely has WPA (the old 2.4 standard but now very old) a weak point to be avoided now that we are at 2016 and laptops can have dual GPU's?

I'm starting to wonder if all things that don't at minimum have WPA2 need to be removed or changed out for powerline/Ethernet to avoid splashing a password handshake around the airwaves. If the question involves password complexity, I am well capable in that area and generate solid multi character type keys of at least 15 characters and often above 20. So the keys are pretty solid but is WPA so weak now that it should be removed from a network useage?

So many articles on the topic are 3-4 years old or worse.

If you're on 11n/11ac - you want to depreciate/dump devices that only support WPA/WEP...

WPA2 (along with WMM) are absolutely needed to get the best performance out of 802.11n (in 2.4GHz and 5GHz) as well as 802.11ac in the 5GHz band. WPA2/WMM is actually a requirement for 802.11n, but some vendors do allow for mixed legacy support (802.11b and older 802.11g devices, most 11g devices do support WPA2, except for some handheld console units and printers - HP and Nintendo are the primary ones there)

WPA is still fairly secure - why WPA2/AES is needed is for frame aggregation (which WMM permits), hence better performance...

 

[Dave Fey]

WPA is on the 2.4 only. All 5 band items are WPA2. Still the performance hit?

 

[sfx2000]

WPA is on the 2.4 only. All 5 band items are WPA2. Still the performance hit?

Security hit...

 

[L&LD]

I do not allow any device on my network that can't connect with WPA2 or higher. Recommend the same to my customers too (just implementing this for some made an apparent increase in network responsiveness).

I remember years ago that some platform or another was billed as super secure. The successful hacker didn't get in from the main system, but from a printer that was deemed 'not important' to security.

Using any connectivity software that is so outdated is living in denial of how pervasive 'hacking' is anywhere in the world. Even in sparsely populated rural areas.

If you value the data behind your router's defenses, don't compromise it for a $39 piece of hardware that is used sparingly by most today (a printer).

 

[sfx2000]

I do not allow any device on my network that can't connect with WPA2 or higher. Recommend the same to my customers too (just implementing this for some made an apparent increase in network responsiveness).

I remember years ago that some platform or another was billed as super secure. The successful hacker didn't get in from the main system, but from a printer that was deemed 'not important' to security.

Unfortunately - it happens - it's older devices that hang around - they still have utility (Printer/Scanner MUI devices) along with older handhelds (Nintendo DS/Sony PSP) that drag WEP/WPA long past things..

Let's not talk about the IoT things/Cloud plays...

Security is an issue...

 

[Dave Fey]

I'm thinking a powerline adapter will eliminate the printer and a bridge will take care of the other set.

 

[System Error Message]

Even better, if you have devices like printers that dont support wpa2 AES than you can use a raspberry pi and make your own driverless print and scan server using cups and xsane. CUPS with pdf print can use default windows drivers and cups work with mac (they have bonjour) and various linux though for android you will have to install an app for it. xsane allows scanning using http and you can run it along side an existing webserver or on a different port. The raspberry pi requires a usb wifi adapter for wifi capability so you can get one that supports WPA2 AES.

Some devices like phones and tablets that dont support it, the other option is to use usb wifi or usb ethernet on them. Make sure they support usb host/otg. If they dont than ditch them or just use wire with them. Some mobile devices including some of apple dont support AES either from hardware or firmware issues.

A lot of low end printers support wifi and have usb but dont have ethernet which is where having something like a raspberry pi can be useful as you can power it from the usb port of your router whereas powerline adapters usually require ethernet.

if you absolutely must use wifi without WPA2 AES than the other option is to use hotspot/RADIUS

 

[stevech]

Even better, if you have devices like printers that dont support wpa2 AES than you can use a raspberry pi and make your own driverless print and scan server using cups and xsane.

RPi -- too complicated. Too DIY.

 

[System Error Message]

RPi -- too complicated. Too DIY.

for driverless, otherwise you can use your router's usb port.

 

[stevech]

I have my Epson 630 printer connected to the Ethernet switch because its WiFi failed to reconnect now and then.
The printer doesn't support Apple's <expletive> AirPrint but my Synology NAS presents to the LAN and WiFi the Epson printer per Apple's wishes so the iPAD can print on the Epson. Windows comptuers, laptops just access the printer via WiFi via the router and wired LAN, not printer-direct and not needing Airprint.

The Samsung Android phone and the Android tablet just work. IP camera is wired.

 

[sfx2000]

for driverless, otherwise you can use your router's usb port.

For a lot of the multi-function devices - including HP, this will be printer only, so one might lose the network scanner, not saying will, but might...

 

[stevech]

The scanning function in my networked Epson 630 is wonderful. The HPs I've had are awful.
Just put paper(s) in the scanner (ADF), press scan to PDF, choose which PC, and that's it.
No need to use PC application.
I use this scan to PDF every day.

 

[Nullity]

The scanning function in my networked Epson 630 is wonderful. The HPs I've had are awful.
Just put paper(s) in the scanner (ADF), press scan to PDF, choose which PC, and that's it.
No need to use PC application.
I use this scan to PDF every day.

When my RT-N66U arrived, I thought wiring it directly to my Brothersoft printer via USB would be optimal, but the CUPS idiosyncracies were very annoying.

I dislike the additional WiFi noise, but connecting the printer to the WiFi network like any generic client has been a much more compatible method for all (MAC OSX, Android, Linux, Windows, Apple iOS) devices.