Re: Protected WLAN

On 5/17/11 6:20 PM, Marko Vojinovic wrote:
> I didn't say that cracking wpa2-ps/aes is easy. I was saying that, whatever
> the security algorithm you are trying to crack, having a hidden SSID and
> filtered MAC is not going to make it *any* harder than having a public SSID and
> no MAC filtering. That data is essentially publicly available to anyone in
> range, and can be obtained with no effort at all. One doesn't even need the
> know-how, one can just type a single command in the terminal and have all that
> "hidden" stuff displayed on the screen. And that command is something you would
> type anyway if you want to crack a wireless network.
>
> In other words, hiding SSID and filtering MACs adds absolutely *nothing* to the
> security of the network. It is not even an extra step that one would need to
> deal with while cracking. It is literally equivalent to "please don't open me"
> sign on the door. Using a serious security algorithm is essential for a
> wireless network, but saying that hiding SSID and filtering MAC addresses adds
> an additional layer of security is just plain wrong.
>
However, for the casual observer, like the casual thief, not having an 
immediately visible door sends them elsewhere.

I'll try to make this simple for JD.
1.  Hidden SSID.  Standard practice.
2.  MAC filtering.  Standard practice.
3.  WPA-2/AES with a well-thought-out passphrase.  Standard practice.
4.  WEP.  Don't even think of it.
5.  WPA.  Don't even think of it.
6.  Minimal power.  Standard practice.  (If I can't read your network, 
then I cannot hack it.)
7.  Changing the channel.  Standard practice and it prevents interference.

There are other things like network segregation and even logging into 
the router (I've seen both.)

However, the most IMPORTANT part is using WPA-2/AES.  Your traffic can 
only then be sniffed by folks if they gain access to the wireless 'box' 
and manage to put the port into promiscuous mode. (WAP GAP.)  That is 
why I love folks that leave their wireless router open and never change 
the default user/password.  I managed to troubleshoot why a wireless 
system was not working at a business that way.  Marko is correct in 
that there are tools that will discover the SSID and the MAC addresses 
of computers on the network.  However, if you try to use my MAC address 
while I'm connected the call to IT would be most interesting.

The point is that without encryption and total security, wireless is 
wide open.  I've been making this analogy.  Put a deadbolt on your 
doors, pin locks on your windows and do all the right things.  It takes 
a determined thief to break in.  Then you know you have something that 
someone wants...

The first part of security is knowing what NOT TO do, not what TO do.

James McKenzie
