WEP or WPA

[Fubarian]

Blocking your SSID and using MAC filtering will help at least a little bit with those situations. Don't ya think?

eh, not so much. Both are spoofable, rather easily, using widely available tools with little know-how, but the encryption isn't (assuming you use something OTHER than WEP). I would say, yes turn on your mac filter, but ssid broadcast takes you out of 802.11 compliance...there are reasons this is in the standard.

On paper, if someone's next door, they'll see your network at some point, regardless of SSID turned off. So thats out. If you leave it off, I see it once, setup a fake AP and cause all sorts of hell. Leave yours on, turn on encryption (NOT WEP!!) and those problems are fixed and its much MUCH harder for me to do something evil.

Pre-shared keys are still a "shared secret", but its a billion times better than using static, easily spoofable, interruptable, etc info. AES and TKIP are damn good and I highly recommend them because they're a bitch to crack (got a few galaxy lifetimes sittin around?). The chances of someone busting through that is ungodly unlikely where the others are rather simple.

[Fubarian]

What I hate is Verizon ships Westell modems out to all new DSL customers with wireless enabled by default, no security enabled, and the average customer installs with the cd, has the Westell modem/router hooked to their computer with an ethernet or usb cable, and have no use for wireless and have no clue that they're broadcasting a free WiFi unsecured signal to anybody nearby.

Nokia (? I think it was a nokia ...it started with an N) APs are like this too.

[Fubarian]

I like to explain wireless security to people as being like locks on you car or house. Locks keep the honest people honest. If they walk up to a door and turn the handle and its locked, a honest person will walk away. If they're not an honest person, the lock is only going to slow them up a tad from getting in until they smash a window, bust the door (break the WEP/WPA, MAC filter, etc.).

So do you camo the house then to hide it?

[3fingersalute]

So do you camo the house then to hide it?

No - I wasn't talking about hiding anything. I was talking about keeping out honest people who wouldn't otherwise do something illegal.

Do you leave your car and house unlocked when you're not there because they're easy to break into?

[Fubarian]

No - I wasn't talking about hiding anything. I was talking about keeping out honest people who wouldn't otherwise do something illegal.

You had said some of the benefits was hiding the AP, so I was commenting in reference to that.

Do you leave your car and house unlocked when you're not there because they're easy to break into?

nope, but I wouldn't think hiding it (parking it in the garage) would increase the unlikelyhood of a break in either

[3fingersalute]

You had said some of the benefits was hiding the AP, so I was commenting in reference to that.

I never said anything about hiding it at all.

nope, but I wouldn't think hiding it (parking it in the garage) would increase the unlikelyhood of a break in either

So why do you lock your garage or house at all then?

[Fubarian]

I never said anything about hiding it at all.

yea ya did

Well, I wouldn't say "zero" benefits, here are a few:

• People who are not wardriving, etc. will not notice your network. If the average joe just pulls out a pda, laptop etc. and isn't looking to "crack" into a WiFi network, but rather just "hop" onto a free WiFi signal, they'll just keep moving along.
• The neighbor next door will not have it listed in his available networks, etc. and possibly connect to it either intentionally or unintentionally.

thats hiding an AP for the wrong reasons.

So why do you lock your garage or house at all then?

I keep my car in the garage because I like my car clean and I live in an access controlled building

[3fingersalute]

yea ya did

Wrong. Search the page, not once did I ever mention the word "hide"

[3fingersalute]

I keep my car in the garage because I like my car clean and I live in an access controlled building

Ok, but do you lock the garage door, or the doors of the car? If so, why?

[Fubarian]

You are taking this conversation in the wrong direction and thank you, but I do not need to search, I'm following along rather well - I'm not sure if you are though, so lets review.

If you go back over the convo, you'll notice I commented on zero security benefit disabling the SSID, period, you claimed there were indeed benefits to hiding the SSID, ie, hiding an AP, as you put it I wouldn't say "zero" benefits (see the quote prior) whereas I said there is zero benefit so you used the analogy of a house. Using this analogy, I asked if you camo the house to hide it, pointing out the uselessness of hiding an SSID.

I never once said protecting it was a bad idea. Continuing to follow the "House" analogy, I do not "hide" my car in the garage because it adds protection, I do it for other reasons.

Are we on the same page now?

[3fingersalute]

Are we on the same page now?

I understand what you are saying, yes; and from a security stand-point, I'll agree that disabling the SSID does not "hide" you AP. NetStumbler, those little keychain WiFi finder, etc. make it very easy to find a WiFi signal, regardless of whether the SSID is being broadcast or not.

I do however, still feel there are advantages to not broadcasting the SSID.

[Raffaz]

Cheers for the advice. Ive set up WPA-PSK security so hopefully it will be ok.

Mick

[musicman7722]

I wrote about this in another post. My probelm is that there doens't seem to be a tried and true method to set any of these diff. solutions up. Seems once I enable anyone of them I can't add other computers to the connection. Can anybody shed some light on this subject? I work in a medical field office and they want a wirless set up for sales people. I want to use the highest level of security possible due to HIPPA but I cn't get it to work. Chris

[3fingersalute]

I wrote about this in another post. My probelm is that there doens't seem to be a tried and true method to set any of these diff. solutions up. Seems once I enable anyone of them I can't add other computers to the connection. Can anybody shed some light on this subject? I work in a medical field office and they want a wirless set up for sales people. I want to use the highest level of security possible due to HIPPA but I cn't get it to work. Chris

If you're dealing with HIPPA, I just wouldn't even bother with wireless dude. As stated before, even when secured to the best of its ability, its still very vulnerable.

What do these sales people need access to? If its just internet, setup a separate router on a different subnet to get them access to internet only.

[musicman7722]

If you're dealing with HIPPA, I just wouldn't even bother with wireless dude. As stated before, even when secured to the best of its ability, its still very vulnerable.

What do these sales people need access to? If its just internet, setup a separate router on a different subnet to get them access to internet only.

The sales person needs complete access to the server fro e-mail, printer etc. You are probably right i.e. the HIPPS, prob is I have to convince them its that and not my inability

Chris