Matt Mossholder on 14 Jul 2011 13:10:55 -0700



Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates


On Thu, Jul 14, 2011 at 4:02 PM, Floyd Johnson <fljohnson3@isp.com> wrote:
> Well, the bits about a drive-by third party being capable of both MAC
> address forgery and deducing a presumed-hidden SSID are starting to make
> me wonder if I've been going commando under a suit of pre-ballistic
> armor for the last two years. That is, aside from WPA2's actual
> encryption, my network is essentially unprotected. Then again, the
> balance is that I'm on good terms with those of my neighbors who own
> network-capable computers.
>
> Googling for "better than WPA2" turned up some chatter at
> http://www.wilderssecurity.com/ suggesting that in early '06,
> "reasonable protection" included one heckuva key with WPA2, as Matt
> mentioned.
>
> The closest thing to proper bulletproof armor at that time was
> implementing a RADIUS authentication server. Supposedly, doing so was
> potentially costly, and comparable to the "driving to Chicago" state of
> affairs were a commercial airliner made out of the same heavy steel that
> surrounds the flight recorders.
>
> What, then, is/should be standard practice for repelling the
> piggybacking byte-burglars who want to break into our home LANs?
> Then again, the typical drive-by e-bandit perceives where I live as a
> place where he's more likely to have his car stolen than gain any
> financial or other data worth stealing.

Even implementing RADIUS alone (also referred to as WPA2 Enterprise) doesn't actually add any value. It is only when you combine RADIUS with some authentication method that equates to strong authentication that you get any value. For example, using RADIUS with individual users set up with plaintext passwords doesn't really add sizable value over WPA2 Personal. However, if you were to replace plaintext with some form of One Time Password, SecurID, etc. it becomes much more secure.

For a home user, though, I would (and do) use a significantly long password, and not worry about it. Unless someone finds a good crack to WPA2, you should be safe enough.

  --Matt
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug