-
May 24th, 2006, 09:55 AM
#16
Registered User
Originally Posted by BOB IROC
Blocking your SSID and using MAC filtering will help at least a little bit with those situations. Don't ya think?
eh, not so much. Both are spoofable, rather easily, using widely available tools with little know-how, but the encryption isn't (assuming you use something OTHER than WEP). I would say, yes turn on your mac filter, but ssid broadcast takes you out of 802.11 compliance...there are reasons this is in the standard.
On paper, if someone's next door, they'll see your network at some point, regardless of SSID turned off. So thats out. If you leave it off, I see it once, setup a fake AP and cause all sorts of hell. Leave yours on, turn on encryption (NOT WEP!!) and those problems are fixed and its much MUCH harder for me to do something evil.
Pre-shared keys are still a "shared secret", but its a billion times better than using static, easily spoofable, interruptable, etc info. AES and TKIP are damn good and I highly recommend them because they're a bitch to crack (got a few galaxy lifetimes sittin around?). The chances of someone busting through that is ungodly unlikely where the others are rather simple.
-
May 24th, 2006, 09:57 AM
#17
Registered User
Originally Posted by 3fingersalute
What I hate is Verizon ships Westell modems out to all new DSL customers with wireless enabled by default, no security enabled, and the average customer installs with the cd, has the Westell modem/router hooked to their computer with an ethernet or usb cable, and have no use for wireless and have no clue that they're broadcasting a free WiFi unsecured signal to anybody nearby.
Nokia (? I think it was a nokia ...it started with an N) APs are like this too.
-
May 24th, 2006, 10:00 AM
#18
Registered User
Originally Posted by 3fingersalute
I like to explain wireless security to people as being like locks on you car or house. Locks keep the honest people honest. If they walk up to a door and turn the handle and its locked, a honest person will walk away. If they're not an honest person, the lock is only going to slow them up a tad from getting in until they smash a window, bust the door (break the WEP/WPA, MAC filter, etc.).
So do you camo the house then to hide it?
-
May 24th, 2006, 11:08 AM
#19
Laptops/Notebooks/PDA Mod
Originally Posted by Fubarian
So do you camo the house then to hide it?
No - I wasn't talking about hiding anything. I was talking about keeping out honest people who wouldn't otherwise do something illegal.
Do you leave your car and house unlocked when you're not there because they're easy to break into?
-
May 24th, 2006, 11:46 AM
#20
Registered User
Originally Posted by 3fingersalute
No - I wasn't talking about hiding anything. I was talking about keeping out honest people who wouldn't otherwise do something illegal.
You had said some of the benefits was hiding the AP, so I was commenting in reference to that.
Do you leave your car and house unlocked when you're not there because they're easy to break into?
nope, but I wouldn't think hiding it (parking it in the garage) would increase the unlikelyhood of a break in either
-
May 24th, 2006, 12:08 PM
#21
Laptops/Notebooks/PDA Mod
Originally Posted by Fubarian
You had said some of the benefits was hiding the AP, so I was commenting in reference to that.
I never said anything about hiding it at all.
Originally Posted by Fubarian
nope, but I wouldn't think hiding it (parking it in the garage) would increase the unlikelyhood of a break in either
So why do you lock your garage or house at all then?
-
May 25th, 2006, 08:43 AM
#22
Registered User
Originally Posted by 3fingersalute
I never said anything about hiding it at all.
yea ya did
Originally Posted by 3fingersalute
Well, I wouldn't say "zero" benefits, here are a few:
- People who are not wardriving, etc. will not notice your network. If the average joe just pulls out a pda, laptop etc. and isn't looking to "crack" into a WiFi network, but rather just "hop" onto a free WiFi signal, they'll just keep moving along.
- The neighbor next door will not have it listed in his available networks, etc. and possibly connect to it either intentionally or unintentionally.
thats hiding an AP for the wrong reasons.
So why do you lock your garage or house at all then?
I keep my car in the garage because I like my car clean and I live in an access controlled building
-
May 25th, 2006, 09:00 AM
#23
Laptops/Notebooks/PDA Mod
Originally Posted by Fubarian
yea ya did
Wrong. Search the page, not once did I ever mention the word "hide"
-
May 25th, 2006, 09:01 AM
#24
Laptops/Notebooks/PDA Mod
Originally Posted by Fubarian
I keep my car in the garage because I like my car clean and I live in an access controlled building
Ok, but do you lock the garage door, or the doors of the car? If so, why?
-
May 25th, 2006, 12:17 PM
#25
Registered User
You are taking this conversation in the wrong direction and thank you, but I do not need to search, I'm following along rather well - I'm not sure if you are though, so lets review.
If you go back over the convo, you'll notice I commented on zero security benefit disabling the SSID, period, you claimed there were indeed benefits to hiding the SSID, ie, hiding an AP, as you put it I wouldn't say "zero" benefits (see the quote prior) whereas I said there is zero benefit so you used the analogy of a house. Using this analogy, I asked if you camo the house to hide it, pointing out the uselessness of hiding an SSID.
I never once said protecting it was a bad idea. Continuing to follow the "House" analogy, I do not "hide" my car in the garage because it adds protection, I do it for other reasons.
Are we on the same page now?
-
May 25th, 2006, 12:33 PM
#26
Laptops/Notebooks/PDA Mod
Originally Posted by Fubarian
Are we on the same page now?
I understand what you are saying, yes; and from a security stand-point, I'll agree that disabling the SSID does not "hide" you AP. NetStumbler, those little keychain WiFi finder, etc. make it very easy to find a WiFi signal, regardless of whether the SSID is being broadcast or not.
I do however, still feel there are advantages to not broadcasting the SSID.
-
May 25th, 2006, 12:43 PM
#27
Registered User
Cheers for the advice. Ive set up WPA-PSK security so hopefully it will be ok.
Mick
-
May 25th, 2006, 01:40 PM
#28
I wrote about this in another post. My probelm is that there doens't seem to be a tried and true method to set any of these diff. solutions up. Seems once I enable anyone of them I can't add other computers to the connection. Can anybody shed some light on this subject? I work in a medical field office and they want a wirless set up for sales people. I want to use the highest level of security possible due to HIPPA but I cn't get it to work. Chris
-
May 25th, 2006, 01:58 PM
#29
Laptops/Notebooks/PDA Mod
Originally Posted by musicman7722
I wrote about this in another post. My probelm is that there doens't seem to be a tried and true method to set any of these diff. solutions up. Seems once I enable anyone of them I can't add other computers to the connection. Can anybody shed some light on this subject? I work in a medical field office and they want a wirless set up for sales people. I want to use the highest level of security possible due to HIPPA but I cn't get it to work. Chris
If you're dealing with HIPPA, I just wouldn't even bother with wireless dude. As stated before, even when secured to the best of its ability, its still very vulnerable.
What do these sales people need access to? If its just internet, setup a separate router on a different subnet to get them access to internet only.
-
May 25th, 2006, 02:19 PM
#30
Originally Posted by 3fingersalute
If you're dealing with HIPPA, I just wouldn't even bother with wireless dude. As stated before, even when secured to the best of its ability, its still very vulnerable.
What do these sales people need access to? If its just internet, setup a separate router on a different subnet to get them access to internet only.
The sales person needs complete access to the server fro e-mail, printer etc. You are probably right i.e. the HIPPS, prob is I have to convince them its that and not my inability
Chris
Similar Threads
-
By marik in forum Networking
Replies: 1
Last Post: October 6th, 2005, 03:49 AM
-
By Ya_know in forum Networking
Replies: 8
Last Post: May 20th, 2005, 08:03 AM
-
Replies: 3
Last Post: April 25th, 2004, 07:15 PM
-
By Mech in forum Networking
Replies: 4
Last Post: September 15th, 2003, 11:28 AM
-
By tablesalt in forum Windows NT/2000
Replies: 0
Last Post: December 18th, 2002, 09:55 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks