|Isaac Bennetch on 14 Jul 2011 07:50:08 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates|
On Thu, Jul 14, 2011 at 8:47 AM, Floyd Johnson <email@example.com> wrote:
A recent Wired article threw me something remotely useful: http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/ After getting past the lawyers' histrionics, I concluded I got some key things right in my personal network: (1) WEP was declared more or less a turkey (think "Ishtar") by 2005. The correct encryption scheme for a personal WLAN, as of 2008, is WPA2.
When this first appeared on slashdot  , some of the comments discussed how, in cases of trying to prove innocence to law enforcement, having stronger protections on your WLAN makes it more difficult to defend in court. For instance, if you don't have any encryption, you can easily claim the illegal material was downloaded by the neighbor next door or someone driving past. Using WPA2 on your system means the attacker had to actually hack in to rather strong encryption before using your wifi, which is a lot harder to demonstrate to a court. I'm not saying you should leave the door hanging wide open, but if someone's really bent on framing you for downloading illegal material, it seems their job might be _easier_ if you have stronger encryption.1 - http://it.slashdot.org/story/11/07/13/0445224/The-Wi-Fi-Hacking-Neighbor-From-Hell
2 - Which I'm embarrassed to admit, as I feel the quality of slashdot has gone down hill since I first discovered it years ago, but I want to properly attribute that I didn't think of all this by myself
(2) One should restrict the set of machines to which access to the personal WLAN is granted, based on the MAC address in the network hardware of said machines. (3) The Access Point(s) should NOT broadcast the SSID of a personal WLAN ("hide that puppy")!
Rich and Matt seem to have broken this down pretty well; I can't commenton the SSID thing -- I do have mine hidden to keep my bandwidth-sucking Napster neighbors at bay, but haven't fooled myself in to thinking it's actually protecting me from an attacker.
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug