[ale] wireless sanity/security check

Michael Trausch mike at trausch.us
Sun Jan 3 21:44:46 EST 2010 

If you want a safe wireless network, ensure that the access point
requires a VPN to be signed into before a route to the Internet (or
the LAN) can be had.  Otherwise, your wireless network is, no matter
what, less secure than the wired network in your home (unless you have
Ethernet jacks on your home network that are outside your home...
though even then, it's more secure, because you have to have extreme
physical proximity).

WEP, WPA, etc., are really not any security at all.  If you're looking
to put the equivalent of a small fence up to keep the honest people
out, it will pretty much do just that, and nothing more.  So, I'd say
that whatever you advise really probably doesn't matter: if people
wanted reliably secure network setups, they'd defer the security to a
VPN such that you are using (at least) SSL to encrypt your connections
and enforce some real access control.  That may be overkill for most
people's networks, of course... though I would tend to not agree.  I'd
just as soon get rid of wireless in my home altogether.  When we get
into a house, I have *every* intention of making it actually secure,
myself.

(Though, my wives might not like that idea...)

  -- Mike

On Sun, Jan 3, 2010 at 9:17 PM, Matt Rideout <mrideout at windserve.com> wrote:
> IMO, if the data on your network is important enough to need more than
> WPA, it's important enough to need more than MAC address filtering as
> well. I'd be willing to bet that most people who would be able to defeat
> WPA wouldn't be stopped by the MAC filter.
>
> On 1/3/10 8:14 PM, Mark Wright wrote:
>> I am using a MAC address access list in my router to secure my home
>> network.  I know that you can sniff then spoof  a MAC address but is
>> seems a little overkill to worry about that out here in suburbia.
>>  Especially given no teenagers living within several blocks.
>>
>> I have advised two friends to do the same as their WPA setups quit
>> working or have been uncooperative to additions.
>>
>> Do any of you security experts consider this particularly bad advise
>> to give out?  Should I help them get WPA working?  After having played
>> with some of the tools for sniffing and cracking strong passwords I am
>> wondering if it is worth the extra effort.
>>
>>
>>
>> Mark Wright
>> m.perry.wright at gmail.com <mailto:m.perry.wright at gmail.com>
>>
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list