[ale] wireless security

Dustin Strickland dustin.h.strickland at gmail.com
Wed Jan 15 11:07:53 EST 2014


> As to the "router OS" question -- what is it you are looking to
> achieve?  While I have been long a user of DD-WRT/tomato compatible
> hardware, I've reached a point where I don't need my router to do
> anything BUT route.  Anything else I want to do, I can get various
> small computers to do or even buy equipment whose design is biased to
> the task at hand, rather than be reliant on a "trying to be
> everything" router.  And most of the time, when I tried making my
> routers all that they could be, I spent lots of time for little
> benefit, and often introduced "mandatory reboots" in order to keep
> things functional.
> 
> I don't want to have to reboot my router on any regular basis to
> restore its core functionality.  Ever. (Reboot because of memory leaks
> and various other needs, not for security updates; I get why those are
> necessary)

I personally like the interface of DD-WRT and the services it
offers (namely, being able to connect to it via SSH), but that's not why
I use it. It has been, in my opinion, reasonably demonstrated that
OEM router firmware is not to be trusted. Perhaps this isn't of concern
to most people, but I don't like the idea of a TLA or even a mediocre
script-kiddie being able to weasel their way into my router and
compromise my network.

On Wed, 15 Jan 2014 10:52:01 -0500
Brian MacLeod <nym.bnm at gmail.com> wrote:

> On 1/15/14 8:36 AM, Matt Hessel wrote:
> > WPA2 AES only. (TKIP is broken)
> > 
> > Any other options security-wise are trivial to bypass, like
> > hidden network or MAC filtering.
> > 
> > For the more secure option, put the wireless network isolated from
> > any of your wired devices, and set up openvpn to connect in once
> > you join the wireless network.
> 
> 
> I wholeheartedly agree with Matt's points here.  I will also add that
> you should buy a router whose maximum connectivity is whatever the max
> connectivity is at home (example: I have only G & N compatible
> hardware at home, and I just bought a router with N, not any of the
> AC* stuff).  Why?  Because the new technology is expensive right now,
> and really won't buy you any advantage to your current equipment.
> Save money now and update later when you can actually benefit, and the
> cost of the tech has come down.
> 
> As to the "router OS" question -- what is it you are looking to
> achieve?  While I have been long a user of DD-WRT/tomato compatible
> hardware, I've reached a point where I don't need my router to do
> anything BUT route.  Anything else I want to do, I can get various
> small computers to do or even buy equipment whose design is biased to
> the task at hand, rather than be reliant on a "trying to be
> everything" router.  And most of the time, when I tried making my
> routers all that they could be, I spent lots of time for little
> benefit, and often introduced "mandatory reboots" in order to keep
> things functional.
> 
> I don't want to have to reboot my router on any regular basis to
> restore its core functionality.  Ever. (Reboot because of memory leaks
> and various other needs, not for security updates; I get why those are
> necessary)
> 
> Brian