wpa encryption of wireless network how to?

Bill Davidsen davidsen at tmr.com
Sat Feb 16 20:43:44 UTC 2008


Tim wrote:
> On Tue, 2008-02-12 at 23:08 +0100, Jan Brosius wrote:
>> I also had the impression that I got connected more quickly if I let
>> my router broadcast its SSID.
> 
> If you don't broadcast your SSID, it's harder to work out which access
> point your hardware should be connecting to, and software doesn't have
> an ID to reference which bits of information go together (e.g. this
> access point with that password, and so on).
> 
> If you do broadcast your SSID, you can easily find your access point on
> a list, and connect to your own access point rather than your
> neighbours'.  Your neighbours can easily tell which is theirs instead of
> yours, and use the right one.
> 
> Not broadcasting your SSID does *NOT* give you any security, in any way
> whatsoever, it's a fallacy.  Hackers and nuisances can still mess with
> you when you're not broadcasting it.  All that does is give you
> networking problems to work around.

I'm not sure I follow here. While a serious hacker probably has tools to 
determine how to connect without knowing the SSID, it stops wannabes who 
don't have some tool and are likely to continue on to something easier.

As for networking problems, a step approach certainly seems to avoid them.
- using a dummy SSID, broadcast it and make a connection
- stop broadcasting, reboot everything, make a connection
- change the SSID at both ends, reboot everything, make a connection

I've had consistent success with these steps; the 2nd step only seems to 
fail if there are router firmware issues, and you really want those 
fixed anyway.
> 
> Broadcast your SSID.  Set it as something that you can easily see as
> being your access point.  Follow whatever rules there are for using the
> right characters (if you're not supposed to use blank spaces,
> underlines, or something else, then don't use them).  If you can't find
> rules pointing them out, then the simplest thing to do would be just use
> ASCII letters and numbers.
> 
I always believe that making every step of a possible intrusion as hard 
as possible reduces the number of attempts at the next step.

Since I have a router which does WEP only, my connection to the firewall 
accepts only packets to the OpenVPN server which handles the real 
connections. Probably as secure as WPA and avoids having to update a few 
old machines. Since non-trusted connections are used on the road, 
OpenVPN is on every machine anyway.

Feel free to comment on any of this if you feel that there's a better 
way within reasonable time and budget limits.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
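
Added example, not part of the original message or of any Fedora tooling: one way to express the "WEP segment may only reach the OpenVPN server" arrangement described above as an iptables-restore ruleset. The function name, the interface name, the address and the use of OpenVPN's default port 1194 over UDP are assumptions, as is the OpenVPN server running on the firewall host itself.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that treats the WEP segment as untrusted:
# the only traffic accepted from it is OpenVPN to the VPN endpoint.
# Assumptions (not from the original post): the interface, address and port
# are placeholders, transport is UDP, OpenVPN runs on the firewall itself,
# and wireless clients get DHCP from the router, not from this host.
wep_vpn_only_rules() {
    wifi_if=$1            # interface facing the WEP-only router
    vpn_ip=$2             # firewall address the OpenVPN server listens on
    vpn_port=${3:-1194}   # OpenVPN's default port

    # Refuse values that could smuggle extra rule text into the output.
    case $wifi_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $vpn_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1;; esac
    case $vpn_port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac

    # -I ... 1 places the jumps ahead of any existing ACCEPT rules, so
    # nothing arriving from the wireless side can bypass the WEP_IN chain.
    cat <<EOF
*filter
:WEP_IN - [0:0]
-I INPUT 1 -i $wifi_if -j WEP_IN
-I FORWARD 1 -i $wifi_if -j DROP
-A WEP_IN -p udp -d $vpn_ip --dport $vpn_port -j ACCEPT
-A WEP_IN -m limit --limit 6/min -j LOG --log-prefix "wep-drop: "
-A WEP_IN -j DROP
COMMIT
EOF
}
```

Review the generated rules before loading them, for example with `wep_vpn_only_rules eth1 192.0.2.1 | iptables-restore --noflush`; the rate-limited LOG rule records anything on the wireless side that tried to talk to something other than the VPN.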




More information about the fedora-list mailing list