Making My Wlan Secure With Wpa2

[periva]

If I make a password 20chars long with random chars so that it's no way the word is in any dictionary, can I feel safe that no one can hack my wlan unless someone is trying every possible combination of chars that have the length from 8-62?

[Sparda]

That's fairly safe. Safe enough that any one who just want wifi will move on to the next one. Not necessarily safe enough that some one who hates you will wants to get access.

[Infiltrator]

I'd same the same thing, it is fairly safe to use, at home I use WP2 and a very long phrase with special characters.

Now if you want to make it more challenging for someone across the street, you could use WP2-Enterprise which uses a Radius system for a second authentication.

[digip]

If someone was determined enough, and had a CUDA based WPA cracking machine, they could probably crack it to get in, they just need to capture the 4way handshake.

Personally, I detest wireless, and never trust it, including my own. Change the passwords often, even with a long password. If you use WPA2 with AES and a long ass password, you should be fine though. Just be sure to check your network from time to time if you plan to use it with wifi on a permanent basis. I only enable the wireless when I need it.

Some routers offer the option to separate the Wired nodes from the Wireless ones onto separate subnets, as well as make it so the wireless devices can't see each other once connected(AP Isolation), so if your router has any of these options, be sure to implement them along with MAC address filtering and small DHCP pools only enough for your needed clients on the network, although that isn't full proof and can be spoofed. If you only have 5 machines, then set DHCP to only hand out 5 addresses. In my house, we hard code the IP's and disable DHCP on the router all together.

Also, use an odd subnet, don't stick with the default private lan 10.x.x.x, 192.168.x.x and 172.16.x.x-172.32.x.x networks. You're using NAT, so you can use pretty much any subnet you want really. Make it more difficult for anyone who did manage to figure out the password, to not be able to figure out the subnet in use while having DHCP turned off. My home router is on a non standard private Class A /29 (mask is 255.255.255.248) subnet. This only gives room for 5 nodes on the network. If someone got on and wasn't in the same subnet range, they can't reach the internet without knowing the address of the gateway.

[Infiltrator]

If you wireless router doesn't have the option to separate the networks. You could create two network segments with a router in between, blocking any incoming/outgoing traffic that comes from either networks.

That would be one way to keep the traffic isolated to one network only.