[ale] wireless sanity/security check
wolf at wolfhalton.info
wolf at wolfhalton.info
Sun Jan 3 23:10:24 EST 2010
Your sanity seems topped up to me.
Seems like people with nothing to hide/steal are at risk most from
botnet-style automated attacks.
No really talented attacker is going to go after an empty hole, and they
already have scoped out more lucrative targets.
WPA or SSL are no protection against automated dumb-luck phishing
attacks. Common sense is pretty good against that.
Spy-style breaking into your wireless network to use it as a base of
attack is way too risky for a smart spy.
What is the solid range of 802.11a..g? or even 802.11n?? 50 ft radius?
Way out to 100ft radius maybe.
You would probably notice a new tent (probably with a generator beside
it or an extension cord running into your garage) in your yard.
If you route the cables discretely, your wives probably wouldn't
complain too long.
Put your WAP on a VLAN that has no access to the wired core, and then
your (legitimate) guests can surf the web
without bringing weird stuff home to the core.
From: Michael Trausch <mike at trausch.us>
Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
Subject: Re: [ale] wireless sanity/security check
Date: Sun, 3 Jan 2010 21:44:46 -0500
If you want a safe wireless network, ensure that the access point
requires a VPN to be signed into before a route to the Internet (or
the LAN) can be had. Otherwise, your wireless network is, no matter
what, less secure than the wired network in your home (unless you have
Ethernet jacks on your home network that are outside your home...
though even then, it's more secure, because you have to have extreme
WEP, WPA, etc., are really not any security at all. If you're looking
to put the equivalent of a small fence up to keep the honest people
out, it will pretty much do just that, and nothing more. So, I'd say
that whatever you advise really probably doesn't matter: if people
wanted reliably secure network setups, they'd defer the security to a
VPN such that you are using (at least) SSL to encrypt your connections
and enforce some real access control. That may be overkill for most
people's networks, of course... though I would tend to not agree. I'd
just as soon get rid of wireless in my home altogether. When we get
into a house, I have *every* intention of making it actually secure,
(Though, my wives might not like that idea...)
On Sun, Jan 3, 2010 at 9:17 PM, Matt Rideout <mrideout at windserve.com> wrote:
> IMO, if the data on your network is important enough to need more than
> WPA, it's important enough to need more than MAC address filtering as
> well. I'd be willing to bet that most people who would be able to defeat
> WPA wouldn't be stopped by the MAC filter.
> On 1/3/10 8:14 PM, Mark Wright wrote:
>> I am using a MAC address access list in my router to secure my home
>> network. I know that you can sniff then spoof a MAC address but is
>> seems a little overkill to worry about that out here in suburbia.
>> Especially given no teenagers living within several blocks.
>> I have advised two friends to do the same as their WPA setups quit
>> working or have been uncooperative to additions.
>> Do any of you security experts consider this particularly bad advise
>> to give out? Should I help them get WPA working? After having played
>> with some of the tools for sniffing and cracking strong passwords I am
>> wondering if it is worth the extra effort.
>> Mark Wright
>> m.perry.wright at gmail.com <mailto:m.perry.wright at gmail.com>
>> Ale mailing list
>> Ale at ale.org
>> See JOBS, ANNOUNCE and SCHOOLS lists at
> Ale mailing list
> Ale at ale.org
> See JOBS, ANNOUNCE and SCHOOLS lists at
Ale mailing list
Ale at ale.org
See JOBS, ANNOUNCE and SCHOOLS lists at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ale