Cris Rhea <crhea@xxxxxxxx> wrote:
Message: 6
> From: "David G. Miller" <dave@xxxxxxxxxxxxx>
> One reason I ended up running network cable to most of the rooms of our
> house was the trouble I had trying to get a friend's laptop to connect
> to my AP (it's also nice to have a gigabit LAN through the house). If I
> have trouble getting a system to connect and I have full access and know
> "everything", it should at least be fairly difficult for someone who
> doesn't have such access and knowledge.
>
> I run WEP (will probably go to WPA when I find time to diddle with
> setting it up), filter MACs and don't broadcast ESSID. I know that
> theoretically this set up isn't absolutely secure but I'm guessing I've
> raised the bar high enough that I'll keep the script kiddies, access
> scofflaws and all but the really serious crackers out. Also, a quick
> scan of the APs in the neighborhood indicates there are several that are
> much easier to crack (or just use).
>
> Cheers,
> Dave
Not long ago, I shared similar view-- for home use, minimal security should be
"Good enough".
Two things changed my mind:
First, I was doing research for a paper on the current state of wireless security and
was shocked at how many security flaws existed in the early wireless protocols.
For example, I can determine your WEP key and SSID by passively listening to your network.
This can be done with freely downloaded code. Changing one's MAC address (to match
your filters) has been available for years and doesn't require any additional software.
Second, we were talking about this topic and one of my friends told me his neighbor had
been named in a lawsuit over theft of digital music (Sony was suing him). Turns out that
the neighbor hadn't done anything illegal, but someone had been using (stealing) his
home WiFi network to download music.... took him a while (and $$$) to prove he was innocent.
Do a Google search on "War driving"-- it's becoming a popular hobby...
--- Cris
I look at wireless security the same way I look at physical security for
my house. I'm not going to turn the house into the equivalent of a bank
vault (which still doesn't provide absolute security). I mainly want to
keep out script kiddies and access scofflaws, etc.
Could someone break in to my wireless network? Yes. Will it be easy to
do casually (e.g., a quick drive by)? No, they'll have to monitor the
network for some time in order to recover the WEP key, etc. Is this
good enough? Hopefully. Will WPA make it better? Somewhat. After
implementing WPA will my network be secure in an absolute sense? Still
no; just harder.
Oh yeah. One other thing I do is my AP is in my basement. The basement
walls are concrete with rebar so they do a good job of attenuating the
WiFi signal. Makes it even harder to crack my network on a drive by but
someone on my neighbor's roof would probably still get a decent signal.
I always like the saying, "Locks keep an honest person honest." To this
I add, "... or divert the dishonest person to look for someone with a
weaker lock."
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce