[ale] About Wireless Connectivity

Bob Toxen bob at verysecurelinux.com
Sun Mar 30 15:00:53 EST 2003 

On Sat, Mar 29, 2003 at 10:19:46PM -0500, Jim Popovitch wrote:
> > -----Original Message-----
> > From: Bob Toxen
> > Sent: Saturday, March 29, 2003 8:57 PM

> > Why SysAdmins don't turn on WEP?

> >   1. Procrastination.
> >   2. "My network won't be breached."
> >   3. Dunno know how and cannot be bothered to learn.


> 4. Don't care.


> A lot of people have nothing to hide and really really really don't care if
> someone else snoops in on their network life.  Their worst fear is not that
> someone will use their wireless network in some fraudulent way.  Seriously,
> there are a lot of people who (in their words) have more important things to
> deal with than network security.

The two problems with this reasoning are:

1. They can break into your boxes and get your passwords that you use
   for online shopping and banking.  Then you will care a great deal.
   You'll care even more when you ask your bank to return the money
   stolen out of your account and they say "NO" because you were
   neglegent.

2. Crackers will use your bandwidth to attack others' networks.  Besides
   this being a bad net citizen, victims of such attacks are starting to
   sue those whose neglegence allowed their networks to be used.

3. Some ISPs will shut you down or even claim damages (read the fine print
   in your contract).

Regarding the other person's response that WEP's 12 hours-to-crack as
being sufficient, that depends.  Will a cracker park his car in front of
someone's home to crack his network?  No.

Will the teenage kid or out-of-work programmer next door leave his AirSnort
running overnight?
Sure.

Will a company's competitor spend 12 hours to steal his customer list?
Sure.

> -Jim P.

Good luck!

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list