OT: unathorized network user.

Tim ignored_mailbox at yahoo.com.au
Thu Jan 24 13:45:43 UTC 2008 

Tim:
>> Google around for the myths of wireless security.

Jacques B:
> You did a great job criticizing my advice, but offered non to improve
> on it. 

Yes I did.  Read my last line.  i.e. Get credible advice, elsewhere.
There's a few websites names like that which (a) point out the pointless
*NON* security steps some people take (many of the points I rebutted in
your posting), that are UTTERLY WORTHLESS to security and even cause
problems, and (b) offers actually useful advice for security.

My improvement was in killing the magic and rubbish from the equation.
There is nothing other than encryption that you can do to help.  As far
as "security" goes, *ONLY* encryption provides it.  All the other things
people do, as advised early up in this thread, thinking that they add
security, are utter nonsense.  

I'll say that again UTTER NONSENSE!  The don't provide any security, at
all.  They aren't even a *slight* aid to security.  They have NOTHING to
do with it.  It's not extra layers of defense, it's extra layers of
waffle, confusion, and sheer time wasting.  Hopefully that message is
clear, now.

Even playing with things like MAC filtering and DHCP, which can stop
accidental connections, have nothing to do with security.  They won't
stop a hacker, they won't even stop someone trying manual network
configuration when automatic does work, trying to resolve their
networking problems, not as a hacking attempt.

Do not equate security with burying your head in the sand.  Following
the useless advice is part of a cargo cult mentality, where one clueless
person does something useless, then others ape them (look up "cargo
cult", for those who don't know what it means).

In fact, some of them will cause many people networking problems,
particularly not broadcasting any SSID and messing with power levels.

> You slammed my advice to not use an SSID that personally identifies you
> for privacy reasons.  But then you agree with it (don't use Tim's AP
> was your example).

I said *IF* you don't want your neighbors to know.  But pointed out that
it can be better if they do, and why.  It's not a *SECURITY* issue, in
the slightest.  It's hardly even a privacy issue, it's not too hard to
work out which access points are where if you have something mobile.
The strongest reception locations will point the finger.

> My advice is not bullet proof.  But it's a hell of a lot better than
> what your rebuttal appears to suggest, why even bother with any of
> that because if someone really wants to get in, they will.  Using that
> premise why bother locking your house?

Locking your house *does* provide a reasonable deterrent to a break-in,
doing a good job of locking it even more so.  Merely closing the door
and not answering when someone knocks, does not.  Much of what you
offered has absolutely NOTHING to do with securing a wireless network.
Most of that advice was useless in that regards. 

Why do people insist on parroting that waffle?  If they knew what they
were talking about, i.e. were in a position to knowledgeably offer
advice, they wouldn't include those things.  There's zero point in
following that advice, all people do is waste their time configuring
things that they should just have left alone, falsely feeling secure for
doing so, and then giving them another networking headache (e.g. how to
connect to their own access point without an SSID).

There's a lot of useless and stupid advice about wireless networking
that just buggers things up.  Duff advice needs slamming, and slamming
hard, until people stop giving it, so that other people don't have their
time wasted.

I'll say it again, do some research into the "myths of wireless
security" and "cargo cult mentality."

http://www.google.com.au/search?&q=wireless+security+myths
http://en.wikipedia.org/wiki/Cargo_cult

Wireless *security* nonsense that you shouldn't waste time with:

SSID hiding
Power level management / antenna placement
MAC filtering
Killing DHCP servers
Special IP addressing/limiting

While the last three may help you with network management, 
i.e. minimising random surprises while trying to use your own network,
and something against accidental connections, if sensibly configured by
someone who knows what they're doing with networking, they don't do the
slightest thing towards security.

NB and NB well:  MAC filtering so your neighbour doesn't accidentally
connect is NOT a SECURITY issue.  It doesn't matter, at all, if they try
and connect when you've got good encryption.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

More information about the fedora-list mailing list