Re: wpa encryption of wireless network how to?


 



Matthew Saltzman wrote:
On Tue, 2008-02-19 at 14:19 -0500, Bill Davidsen wrote:
Tim wrote:
Bill Davidsen:
You read different security books than I do. Mine say you should make every single step as hard as possible; even if there's a workaround, the intruder may not know it.

You're still missing the point completely:

IT DOES NOT, IN *ANY* WAY, MAKE IT HARDER FOR A HACKER TO HACK INTO YOUR
WIRELESS LAN WHEN YOU STOP "BROADCASTING" THE SSID.  *THEY* DO *NOT*
NEED YOU TO BROADCAST IT TO BE ABLE TO HACK IT.  IT GIVES YOU ZERO
BENEFIT AND EXTRA PROBLEMS.

Caps don't make you right, nor do bogus arguments. The object is to make it less appealing to people just looking for a hot spot to use without paying Starbucks, not to block serious hackers. And if they see one with some vendor's default SSID and one with no visible SSID, which do you think they use?

As far as problems (sorry, "PROBLEMS") haven't had or seen any in years, not sure what hidden SSID would hurt.

Several of the wireless drivers have a great deal of trouble with hidden
SSIDs.  The Intel drivers have been notorious pains in the <> about it
until about a week or so ago.  The latest kernel patches from John
Linville and a version of NetworkManager that's currently in pre-testing
finally seem to have solved the problem.  But it's been years.  For a
number of reasons, hidden SSIDs seem quite difficult to get right in the
driver.

Ah ha, then that's a limitation I haven't had. I'm running the IPW2200 driver on most laptops, and even as far back as FC4 I haven't had a problem connecting. Good thing to keep in mind if I see this, though, new generation of laptops will be deployed this year.

Do you hear me now?  How hard is it to understand that message?  Hiding
it does NOT give you ANY security benefits.  Not one, not even a little
bit, not even a teensy tiny little bit.  You're deluding yourself, start
making your tinfoil beanie, now, if you think that sort of rubbish
helps.

You clearly don't believe that part of security is avoiding attacks. The reason to put ssh on a non-standard port is not because it makes it harder to crack, just because it gets less casual attention. Like a burglar choosing between the dark house with the empty garage or the one with lights on, cars in the driveway, and a "beware of dog" sign, someone looking for easy pickings takes the easy target.

If you think that discouraging wannabes isn't worth it, feel free to set your SSID to "Free Public Access" if you want.

If you want to discourage casual browsers, just encrypt the channel.
WEP is no more of a barrier to anyone with a serious will to connect,
but it's at least as good at stopping casual connectors.  It also stops
casual eavesdroppers, but again, not anyone serious about listening in.

Do run WEP, router doesn't support WPA so I am using OpenVPN once connected. Since all the laptops need to use hotspots and random wired connections, OpenVPN is installed everywhere.

We had a lecture last fall by security researcher Rick Farina.  He
finally seems to have convinced our wireless network admins to give up
on hidden SSIDs.  His point?  They don't provide any additional security
and they annoy people who should be able to connect legitimately.

WPA2 is about the only halfway serious measure you can take short of
requiring a VPN.

If the laptops are used on the road, encryption of partitions and a VPN seem like a slightly better than average compromise, while usable beyond some really paranoid setups.

Thanks for the input on blank SSID, happily haven't seen it, but I have a box of PCMCIA cards on my desk which I have to shake out, we may change SSID if the drivers are so limited (or I might think of hacking the driver).

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list