Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates

Isaac Bennetch on 14 Jul 2011 07:50:08 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates

From: Isaac Bennetch <bennetch@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates
Date: Thu, 14 Jul 2011 10:50:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=YQLm+FODNIeVuIyyKDZXSOgnMpr6vXLWGNuWeT7+g3k=; b=dYAE1zRZMT9qjGvVAT7oJTCjStXffoiEt1GtHs4dTgsAo3YdhcOkObQXAvTG48CMJ9 A+NkrfY6JEtqGWSvA1HOoZaHXvuN3AtUZ3lPwWkcoodOejzlv/osydMDnQrPcLYDstfM clsFz+RM8qFIrKezA5UHj+7qEHd+HuYJnIHs0=
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11

On Thu, Jul 14, 2011 at 8:47 AM, Floyd Johnson <fljohnson3@isp.com> wrote:

A recent Wired article threw me something remotely useful:

http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/

After getting past the lawyers' histrionics, I concluded I got some
key things right in my personal network:

(1) WEP was declared more or less a turkey (think "Ishtar") by 2005.
The correct encryption scheme for a personal WLAN, as of 2008, is
WPA2.


When this first appeared on slashdot [1] [2], some of the comments
discussed how, in cases of trying to prove innocence to law enforcement,
having stronger protections on your WLAN makes it more difficult to
defend in court. For instance, if you don't have any encryption, you can
easily claim the illegal material was downloaded by the neighbor next
door or someone driving past. Using WPA2 on your system means the
attacker had to actually hack in to rather strong encryption before
using your wifi, which is a lot harder to demonstrate to a court.

I'm not saying you should leave the door hanging wide open, but if
someone's really bent on framing you for downloading illegal material,
it seems their job might be _easier_ if you have stronger encryption.

1 -http://it.slashdot.org/story/11/07/13/0445224/The-Wi-Fi-Hacking-Neighbor-From-Hell

2 - Which I'm embarrassed to admit, as I feel the quality of slashdot
has gone down hill since I first discovered it years ago, but I want to
properly attribute that I didn't think of all this by myself

(2) One should restrict the set of machines to which access to the
personal WLAN is granted, based on the MAC address in the network
hardware of said machines. (3) The Access Point(s) should NOT
broadcast the SSID of a personal WLAN ("hide that puppy")!


Rich and Matt seem to have broken this down pretty well; I can't comment

on the SSID thing -- I do have mine hidden to keep my bandwidth-suckingNapster neighbors at bay, but haven't fooled myself in to thinking it'sactually protecting me from an attacker.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] personal WiFi security: Stopping the barbarians at the gates
  - From: Floyd Johnson <fljohnson3@isp.com>

Prev by Date: Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates
Next by Date: Re: [PLUG] Fosscon in Philadelphia: 9 days away
Previous by thread: Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates
Next by thread: Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates
Index(es):
- Date
- Thread