<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.1">
</HEAD>
<BODY>
Your sanity seems topped up to me.<BR>
<BR>
Seems like people with nothing to hide/steal are at risk most from botnet-style automated attacks.<BR>
No really talented attacker is going to go after an empty hole, and they already have scoped out more lucrative targets.<BR>
WPA or SSL are no protection against automated dumb-luck phishing attacks. Common sense is pretty good against that.<BR>
Spy-style breaking into your wireless network to use it as a base of attack is way too risky for a smart spy.<BR>
What is the solid range of 802.11a..g? or even 802.11n?? 50 ft radius? Way out to 100ft radius maybe. <BR>
You would probably notice a new tent (probably with a generator beside it or an extension cord running into your garage) in your yard.<BR>
If you route the cables discretely, your wives probably wouldn't complain too long. <BR>
Put your WAP on a VLAN that has no access to the wired core, and then your (legitimate) guests can surf the web <BR>
without bringing weird stuff home to the core.<BR>
<BR>
-Wolf<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Michael Trausch <<A HREF="mailto:Michael%20Trausch%20%3cmike@trausch.us%3e">mike@trausch.us</A>><BR>
<B>Reply-to</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale@ale.org><BR>
<B>To</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes!%20We%20run%20Linux!%20%3cale@ale.org%3e">ale@ale.org</A>><BR>
<B>Subject</B>: Re: [ale] wireless sanity/security check<BR>
<B>Date</B>: Sun, 3 Jan 2010 21:44:46 -0500<BR>
<BR>
<PRE>
If you want a safe wireless network, ensure that the access point
requires a VPN to be signed into before a route to the Internet (or
the LAN) can be had. Otherwise, your wireless network is, no matter
what, less secure than the wired network in your home (unless you have
Ethernet jacks on your home network that are outside your home...
though even then, it's more secure, because you have to have extreme
physical proximity).
WEP, WPA, etc., are really not any security at all. If you're looking
to put the equivalent of a small fence up to keep the honest people
out, it will pretty much do just that, and nothing more. So, I'd say
that whatever you advise really probably doesn't matter: if people
wanted reliably secure network setups, they'd defer the security to a
VPN such that you are using (at least) SSL to encrypt your connections
and enforce some real access control. That may be overkill for most
people's networks, of course... though I would tend to not agree. I'd
just as soon get rid of wireless in my home altogether. When we get
into a house, I have *every* intention of making it actually secure,
myself.
(Though, my wives might not like that idea...)
-- Mike
On Sun, Jan 3, 2010 at 9:17 PM, Matt Rideout <<A HREF="mailto:mrideout@windserve.com">mrideout@windserve.com</A>> wrote:
> IMO, if the data on your network is important enough to need more than
> WPA, it's important enough to need more than MAC address filtering as
> well. I'd be willing to bet that most people who would be able to defeat
> WPA wouldn't be stopped by the MAC filter.
>
> On 1/3/10 8:14 PM, Mark Wright wrote:
>> I am using a MAC address access list in my router to secure my home
>> network. I know that you can sniff then spoof a MAC address but is
>> seems a little overkill to worry about that out here in suburbia.
>> Especially given no teenagers living within several blocks.
>>
>> I have advised two friends to do the same as their WPA setups quit
>> working or have been uncooperative to additions.
>>
>> Do any of you security experts consider this particularly bad advise
>> to give out? Should I help them get WPA working? After having played
>> with some of the tools for sniffing and cracking strong passwords I am
>> wondering if it is worth the extra effort.
>>
>>
>>
>> Mark Wright
>> <A HREF="mailto:m.perry.wright@gmail.com">m.perry.wright@gmail.com</A> <<A HREF="mailto:m.perry.wright@gmail.com">mailto:m.perry.wright@gmail.com</A>>
>>
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
>> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>
_______________________________________________
Ale mailing list
<A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
<A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
See JOBS, ANNOUNCE and SCHOOLS lists at
<A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
<BR>
</BODY>
</HTML>