On Tuesday 17 May 2011 18:11:03 James McKenzie wrote:
> On Tue, May 17, 2011 at 9:36 AM, Frank Murphy <frankly3d@xxxxxxxxx> wrote:
> > On 17/05/11 14:30, Misha Shnurapet wrote:
> >> Which WLAN protection method would you recommend?
> >> * Shared key
> >> * WPA-Personal
> >> * WPA2-Personal
> >
> > Also if it's your home wLan, hide it, don't broadcast the ssid.
> > So those in your neighbourhood won't even know you have a wireless.
>
> Yes, they will. However, not broadcasting the SSID is a good step,
> but not necessarily all you should do. When a client connects to the
> network, it inquires if the network is available. A patient
> wardriver will pick this up. However, they will not be able to get
> in easily and will move on in most cases if they see WPA2.
>
> The next step is MAC restricting and a lot more. However, just
> employing security and hidden SSID is a great start. Most people do
> not do this.

Hiding the SSID will stop only a casual bystander getting on to your
network by accident. Those who actually want to crack into a wireless
network would use some tool like airodump-ng (yum install aircrack-ng)
to list any and all wireless networks within reach, hidden or otherwise,
and then pick which one to crack.

In other words, hiding SSID can be compared to a person putting an
"I am invisible" sticker on their forehead, and hoping that others would
read it and ignore him.

Hiding SSID is a matter of convenience, not security. Things like
removing the clutter from user's list of available networks, avoiding
accidental connections by mobile devices, etc. For security you need to
implement some WPA-related stuff and a strong firewall, possibly with
MAC-filtering etc.

And for sure don't even try to use WEP "security". It's commonly
compared to a paper wall, and I've seen it being cracked within 10
minutes using aircrack suite above. I even did it myself once on my own
router, just to see how difficult/easy it was.
Reading relevant man pages was the hardest part, it took me 20 minutes.
Cracking the WEP passphrase took 5 more. I can even sketch you the steps
if you like. ;-)

In a nutshell, hiding SSID is a "please don't connect to my network"
security. WEP is "the door is closed but not locked" security, while WPA
is "guess my passphrase" security. Therefore, WPA is the only one that
provides the potential cracker some reasonable headache.

HTH, :-)
Marko
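
The point made in this thread about hidden SSIDs, as an added example that is not part of the original messages: a hidden network only blanks the SSID element in its beacons, while the probe request a client sends and the access point's probe response carry the name in clear text. The MAC addresses, the SSID `HomeNet` and all function names are constructed for illustration.

```python
import struct

SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
FIXED_BODY = {4: 0, 5: 12, 8: 12}  # fixed body bytes before the tagged parameters

def ssid_from_mgmt_frame(frame: bytes):
    """Return (subtype, ssid) for a raw 802.11 management frame (no radiotap,
    no FCS). ssid is None when the SSID element is empty or all zero bytes."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    pos = 24 + FIXED_BODY[subtype]
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated tagged parameter")
        if tag == 0:  # SSID element
            hidden = length == 0 or not any(value)
            return SUBTYPES[subtype], None if hidden else value.decode("utf-8", "replace")
        pos += 2 + length
    return SUBTYPES[subtype], None

# --- constructed sample frames (made-up MAC addresses and SSID) ---
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
FIXED = bytes(8) + struct.pack("<HH", 100, 0x0011)  # timestamp, interval, capabilities

def build(fc0, dst, src, bssid, body):
    # frame control (2) + duration (2) + three addresses + sequence control (2)
    return bytes([fc0, 0, 0, 0]) + dst + src + bssid + b"\x00\x00" + body

def ssid_ie(name: bytes):
    return bytes([0, len(name)]) + name

SAMPLES = [
    build(0x80, BCAST, AP, AP, FIXED + ssid_ie(b"")),       # beacon with the SSID hidden
    build(0x40, BCAST, STA, BCAST, ssid_ie(b"HomeNet")),    # client asking for the network
    build(0x50, STA, AP, AP, FIXED + ssid_ie(b"HomeNet")),  # access point's reply
]

def observed():
    return [ssid_from_mgmt_frame(f) for f in SAMPLES]

if __name__ == "__main__":
    for subtype, ssid in observed():
        print(f"{subtype:15} SSID={ssid!r}")
```
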