If your threat model includes nation states, you are outgunned.
A nation state can probably buy the building across the street if that's the value of hacking your system.
Of course there are almost certainly cheaper options,but that's the level of time and budget you are up against...teams of motivated and well resourced experienced professionals working against you full time.
We should still try our best to secure everything against nation state actors, so that people who really need it (journalists, dissidents, security researchers, etc.) can blend into the crowd with regular consumer grade devices
Or just enable "WPA-enterprise" and have it rotate keys. Then you not only have device certificates, you also have per user authentication. And if somebody missed it- rotating keys. They can change faster than they can be cracked. Then you can also layer VPNs ontop of that...
All of which are standard, well known, and proven solutions.
What does that repo offer? With 400 stars, I doubt anybody has given it serious attention.
You make it sound like you just have to flip a switch in your router's settings to enable it, but that is very far from the truth. For that to work you need a RADIUS server to handle credentials, a certificate authority if you want any useful kind of authenticity checks, a process for distributing said certificates and finally you need to configure all your access points. This is something that companies can (and should) have, but for home users it is overkill. Since this repo specifically targets home users, I suspect there is a place for this among enthusiasts who can't or don't want to go all the way on their home network.
“Microsoft warned of a vulnerability in Windows' print spooler”
How much I hated just seeing this process. Print related tasks should never run when not needed.
If your threat model includes nation states, you are outgunned.
A nation state can probably buy the building across the street if that's the value of hacking your system.
Of course there are almost certainly cheaper options,but that's the level of time and budget you are up against...teams of motivated and well resourced experienced professionals working against you full time.
We should still try our best to secure everything against nation state actors, so that people who really need it (journalists, dissidents, security researchers, etc.) can blend into the crowd with regular consumer grade devices
> If your threat model includes nation states, you are outgunned.
If basic security is not implemented, you have bigger problems. (backdoors in Cisco, Fortinet, Palo Alto Networks, skipping tests - Cloudstrike)
Like I said, there are almost certainly cheaper options. It would be unprofessional for intelligence professionals to do things to hard way.
You are outgunned.
https://archive.ph/cKrq8
WiFi security can be improved by per-device passwords, https://github.com/spr-networks/super
Or just enable "WPA-enterprise" and have it rotate keys. Then you not only have device certificates, you also have per user authentication. And if somebody missed it- rotating keys. They can change faster than they can be cracked. Then you can also layer VPNs ontop of that...
All of which are standard, well known, and proven solutions.
What does that repo offer? With 400 stars, I doubt anybody has given it serious attention.
You make it sound like you just have to flip a switch in your router's settings to enable it, but that is very far from the truth. For that to work you need a RADIUS server to handle credentials, a certificate authority if you want any useful kind of authenticity checks, a process for distributing said certificates and finally you need to configure all your access points. This is something that companies can (and should) have, but for home users it is overkill. Since this repo specifically targets home users, I suspect there is a place for this among enthusiasts who can't or don't want to go all the way on their home network.
No radius server needed, the builtin kernel module for wifi access points can do that easily.
You know nothing, John Snow