[ale] wireless sanity/security check

Pat Regan thehead at patshead.com
Mon Jan 4 03:07:16 EST 2010


On 01/04/2010 01:03 AM, Michael Trausch wrote:
> The thing is that WPA2 not only relies on not-ancient hardware, but
> also compliant hardware.  WPA2-PSK support is fairly common, and
> most people will find that as being their weakness due to generally
> weak passwords.

This applies equally to a VPN :).  There aren't very many wifi
appliances that support any sort of a VPN.  Most anything that supports
802.11g will support WPA and more than likely WPA2.

A weak passphrase is just as bad for a VPN (if you are only using
passphrases) as it is for WPA.

> Most people still run WEP, and do not change their network SSID from
> its default.

They're lucky if they run WEP.  Verizon's wifi DSL routers seem to use
64 bit WEP.  The default key is your phone number...

> The only provable way to secure a wireless network that has sensitive
> information on it (in the sense that you would not want someone
> stealing the data on your network because you could be sued or
> whatever) is to use strong encryption and access control.  A VPN
> provides both, depending on what type of VPN is being used.  And it
> will work with very old WiFi hardware, too, which is a plus for many
> people I know.

If you know of an actual deficiency in WPA2+AES with a proper passphrase 
I would love to hear what it is.  If you don't have one, I won't believe 
that you have "the only provable way" to secure a wifi network :).

> It does require more setup... but for many reasons it is worth it if
> your wireless network is for more than just guest use.  And you
> won't get your Internet shut off because they were able to come in as
> a guest and send out all sorts of things your ISP doesn't like.

I know a lot of people with wide open wifi.  I've yet to see one get 
shut off :)

> --- Mike

Pat

> -- Sent from my ADP1 Phone running Cyanogen

Cyanogenmod ships with openvpn installed.  I haven't gotten around to 
connecting it to any of my vpn endpoints, yet, though.


