|Jason Costomiris on 9 Dec 2007 20:50:23 -0000|
On Dec 4, 2007, at 10:35 PM, Eric wrote:
This parallels an older discussion here on the PLUG list: I just read this in the Freakenomics blog:Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?A: I run an open wireless network at home. There’s no password, and there’s no encryption. Honestly, I think it’s just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke lastmonth, I used a neighbor’s access until I replaced it.
I guess old Bruce isn't familiar with putting a wifi device into monitor mode, which allows you to capture all the frames being sent & received on that AP.
I'm appalled that Bruce Schneier would come up with that answer. Historically, I've thought of him as a reasonable man with well thought out opinions on data security matters. Either he's just asleep at the wheel on this particular topic, or he's not the expert I once thought him to be.
Some people go completely nuts, segregating their AP from the wired side of the network, requiring a VPN connection for wifi clients, while also deploying WEP/WPA and using MAC filtering.
I'd say that if you: 1. Use WPA or WPA2 (better than WPA, really - AES is better than TKIP). 2. Forget about WEP - see #1 3. Don't bother with MAC filtering. It's too easy to overcome 4. If you have the means, use WPA2 "Enterprise", with a RADIUS server, otherwise, simply using a reasonably long passphrase for your WPA PSK would suffice (i.e. not the minimum 8 characters - get closer to 63).
You'll be completely fine and safe. - I'll throw a card in monitor mode, get some MAC addrs of your approved clients, then reconfigure my card to use one of your "safe" MAC addresses___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug