[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OT: unathorized network user.

On Thu, Jan 24, 2008 at 12:34:29PM -0500, Jacques B. wrote:
> My frustration has to do with the fact that someone asked a question
> on how to secure a wireless connection.  I provided advice of measures
> available within the context of a typical home wireless router.  And
> my reference to low hanging fruit and such and the caveat of the kid
> next door who has all the time in the world to bang away at your
> system (vs someone driving by) made it obvious that it's not a 100%
> guaranteed secure solution.
> In comes Tim stating that most of what I said was "useless".

FWIW, I agree with you.  A good analogy is a bank--just because they
have a nifty vault with a multi-ton door and timelock, they don't
leave it sitting on the outside wall of the bank.  It's inside, behind
a counter and employees, and usually there's a locked grate in front
of it.  After hours, it's minor for a good crook to get through the
outside door, find the vault area, get through the grate, and finally
get working on the vault.  But all of those are time-wasters and require
some determination and knowledge to circumvent.

Similarly, leaving SSID on doesn't stop the determined hacker with tools.
But none of the common WiFi connection agents on laptops will show a
non- broadcast SSID; you have to go out, get the tools, and work on it.
Restricting MAC addresses can easily be overcome--but you have to have
gotten the tools to do so.  DHCP--eh, it's too convenient to get rid of.
Logging--preferably with forwarding to an internal system--is useful.
But after all of these, let the cracker find the WPA encryption behind
all the lightweight stuff.  You've got to have someone who really wants
into your network at that point.

All of the other stuff will at least be annoying to the real cracker,
and will stop inadvertent accidental, or casual deliberate, use of your
network, and doesn't cost you anything in terms of time or effort.

Why the outraged indignation?  All security is a layered amalgam of
strong and weak measures.

$0.02, YMMV, etc.
	Dave Ihnat
	President, DMINET Consulting, Inc.
	dihnat dminet com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]