Re: Wieless security (was: Suspend bug)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:

On Sun, 2007-02-04 at 08:28 -0700, David G. Miller wrote:
> I run WEP (will probably go to WPA when I find time to diddle with > setting it up), filter MACs and don't broadcast ESSID. I know that > theoretically this set up isn't absolutely secure but I'm guessing
> I've raised the bar high enough that I'll keep the script kiddies,
> access scofflaws and all but the really serious crackers out.  Also, a
> quick scan of the APs in the neighborhood indicates there are several
> that are much easier to crack (or just use).

Script kiddies will attempt something just because they can, there
doesn't have to be some dying need to abuse someone's network.  So I
wouldn't rely on that.

MAC filtering is utterly useless as a security measure.  Anybody can
change their MAC on just about all hardware.  It's only of use to make
accidental connections less likely (i.e. by those not trying to break
into your network, but accidentally connecting to the wrong one).

Not broadcasting an ESSID is going to cause more problems than it
allegedly helps with.  Each ESSID should be unique, and all the clients
should only try to use the ones they're deliberately configured for.  If
it's a common factory default, all and sundry may try to use it.  If you
don't deliberately broadcast it, you're not putting off accidental
connections.  Script kiddies can use your network even if you don't
broadcast it.  If you do broadcast it, then those properly configured
clients will be able to avoid it.

Consensus is that WEP is a complete waste of time, now.
<sarcasm>
So, to your way of thinking, everyone should just run their AP wide open if they aren't running WPA. Or is WPA not enough? On a similar vein, should I also leave my keys in my car and my front door unlocked since someone with the right knowledge can steal my car or break into my house anyway? Just wondering.
</sarcasm>

My approach has been to put as many impediments as I can think of in the way of someone attempting to crack my wireless network. I don't pretend that any one of them or even all of them will keep out a determined, resourceful cracker. My goal is simply to make cracking my network difficult enough that the cracker goes to an easier target. Given a plethora of neighbors with apparently less secure wireless configurations, this isn't just wishful thinking. As I pointed out in another post, I also provide some measure of physical security by putting my AP in my basement. I get a good signal inside the house and the few places I tend to use the laptop outside the house (e.g., on the patio) but the signal degrades rapidly at ground level (let's hear it for a poured concrete foundation with steel rebar). Someone might be able to get a decent signal from a few neighbor's roofs but, again, we're back to my impediment strategy. At some point I'll implement WPA but I'll probably set up a snort box to sniff my incoming wire before I do that.

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux