[ale] wireless sanity/security check
Jeff Lightner
jlightner at water.com
Tue Jan 5 09:41:05 EST 2010
By the way - WPA can be cracked in less than an hour as demonstrated a
couple of months ago. WPA2 is the way to go.
-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Pat
Regan
Sent: Monday, January 04, 2010 11:24 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] wireless sanity/security check
On 01/04/2010 05:17 PM, Mark Wright wrote:
> I didn't ask the question about wireless security because I thought
> wifi could be intrusion proof. I just wanted to confirm that giving
> my friends advice to use MAC filtering wasn't real bad advice. They
> had failed to get WPA working and there were Christmas presents that
> were not being played with.
>
MAC filtering will not keep very many people out if they are actively
trying to "steal" your bandwidth. The only people you're likely to keep
out with MAC filtering are the people who think they are connecting to
their own network but they are connecting to yours by mistake. It is
amazing how often that happens.
I'm much more paranoid about connecting to an unknown network than I am
about people cracking into mine. I seem especially paranoid in hotels.
I know that if I can fire up wireshark and steal unencrypted pop,
imap, and instant messenger password, so can someone else.
I nearly always VPN or use an SSH proxy on any scary wifi connection :).
> The problem is both of my friends couldn't get WPA to work. My
> wife's sister in law was refusing to use her new laptop because her
> husband had turned WPA off to get it on the internet. I told them
> how to set up MAC filtering over the phone and now she is surfing the
> internet confident that her computer is safe. Just like she sleeps
> soundly because she doesn't know how easy it is to break into her
> locked house.
With any semi-modern hardware (3-4+ years?) I wouldn't expect wpa/wpa2
to be a problem. WEP tends to be problematic because there is more than
one algorithm for converting a passphrase to a hex key.
MAC filtering will likely narrow the opportunity for attack, though. If
someone drives by while no authorized machines are connected then they
will not see any valid MAC addresses to clone.
Pat
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Proud partner. Susan G. Komen for the Cure.
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------
More information about the Ale
mailing list