
Re: OT: unauthorized network user.



On Jan 24, 2008 2:28 AM, Tim <ignored_mailbox yahoo com au> wrote:
> On Wed, 2008-01-23 at 21:23 -0500, Jacques B. wrote:
> > Use WPA,
>
> Reasonably good.  We'll see how long that lasts, someone will probably
> come up with an easy hack at some stage.
>
> > MAC filtering (only allow connections from ...),
>
> Virtually useless except for preventing *accidental* connections.
>
> > don't broadcast SSID
>
> Utterly useless.  You still transmit, you appear as *something* on the
> list of available connections, just not named.  Hackers can still get
> in, quite easily.
>
> > (and don't use a SSID that provides someone with an indication of who
> >  owns the AP - more for privacy reasons),
>
> Bad advice, as it stands.  Yes, probably don't call it "Tim's AP" if you
> don't want neighbours to know which is really which, but do pick some
> unique name that identifies them apart (e.g. something like "ap2370" is
> generic and unique).  Though, on the other hand, if you have problems
> with channel interference, as some do, then it can be handy to work out
> an arrangement with your neighbours about using different channels.
> That's easier to do if you know who's running what.
>
> Accidental connections are less likely if you broadcast an SSID that
> obviously isn't the access point that they want.  e.g. If all the
> neighbours' SSIDs were "netgearap" they couldn't easily tell which ones
> they should be using.  I've seen places where there's three virtually
> identical access points on the list, and where it wasn't appropriate to
> just use anything.
>
> Google around for the myths of wireless security.
>
> --

You did a great job criticizing my advice, but offered none to improve
on it.  I wasn't suggesting that the above will solve all your woes.
It's a defense in depth approach within the scope of most home
wireless routers and within the ability of the typical consumer of
that technology.  I am well aware of the inherent weaknesses of each.
But combined they do a decent job for the average home user.

Your rebuttal is the equivalent of someone offering advice on how to
keep their vehicle and its contents safe by locking the doors, parking
in a well lit area, don't leave valuables in plain view.  Then you
turning around and stating that all of that is useless because ...

You slammed my advice to not use an SSID that personally identifies you
for privacy reasons.  But then you agree with it (don't use Tim's AP
was your example).  You suggest to use something unique.  I didn't
suggest otherwise.  That latter part of your rebuttal is a good added
suggestion to mine regards SSID.  It does not invalidate my suggestion
at all.  You can't have it both ways, to state that was bad advice and
then turn around and support it through your example.

My advice is not bullet proof.  But it's a hell of a lot better than
what your rebuttal appears to suggest, why even bother with any of
that because if someone really wants to get in, they will.  Using that
premise why bother locking your house?

The steps I suggested act as a deterrent to crimes of opportunity as
well as accidental incidents (drunk accidentally walking into your
house at 2 in the morning thinking it's his house). They are not
intended to protect the country's secrets.  I pretty much made that
clear by using the low hanging fruit analogy.  Whereas the steps you
suggested... wait a minute, you didn't suggest any.

If my advice was erroneous then yes, it should be addressed.  That was
far from the case.  Your rebuttal does a much greater disservice to
the reader as it pretty much says why bother doing any of it, none of
it will help you achieve 100% security.

Jacques B.

