Re: OT: unathorized network user.

On Jan 24, 2008 8:50 AM, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Jacques B. wrote:

Jacques
Don't be so touchy. Surely, if someone gave you bad advice you'd want to
hear that is is bad. None of us is perfect.



--

Cheers
John

My frustration has to do with the fact that someone asked a question
on how to secure a wireless connection. I provided advice of measures
available within the context of a typical home wireless router. And
my reference to low hanging fruit and such and the caveat of the kid
next door who has all the time in the world to bang away at your
system (vs someone driving by) made it obvious that it's not a 100%
guaranteed secure solution.

In comes Tim stating that most of what I said was "useless".

What I provided are all steps that can be taken on a typical home
wireless router. The layers of security (using the term loosely) by
themselves for most part provide no security (with the exception of
WPA). However combined these layers will frustrate efforts of a
script kiddy/less sophisticated hacker hopefully enough that they will
move on to the next target. I agree that it will do little other than
mildly entertain a more sophisticated hacker.

Following Jim's advice if all you enable is WPA, then you've made
things that much more convenient for the unsophisticated hacker (and
the sophisticated one as well of course).

Much like even a deadbolt and a lock will not stop a determined thief,
neither will any of the measures available on your typical home
wireless router. That does not mean we should not even bother
implementing the various measures available to us if they are within
our abilities to do so. Closing & locking the windows is another step
to securing a home. A burglar can very, very easily break the window
if they want to get in. Does that mean we shouldn't bother with that
because it's essentially "useless"?

The other reason you should take all the steps I recommended is
because if someone does manage to connect, it will be very clear that
it was not accidental and that the wireless AP was not meant for
public use. Proving criminal intent becomes that much easier because
of all the hurdles the person had to jump in order to connect to your
AP. Yes cracking encryption should be enough to establish intent.
Someone could argue that they thought they were cracking their own AP
(under the guise of doing some penetration testing on their own system
or perfecting their skills because they are a security consultant).
That becomes much less of a plausible argument if the person had to go
through multiple hurdles along the way.

No, it's not perfect. But I definitely disagree that it's completely
useless. Unless the feature introduces a vulnerability in the process
or significantly degrades the performance of your network, it's not
useless (and in some cases serious degradation is tolerable if the
resulting security is much greater and necessary due to the
sensitivity of the data on the network) . To what depth you deploy
the various options I threw out will depend on your abilities and your
personal views on this issue.

Perhaps some have been tasked with deploying and managing more complex
layers of network security for too long. Just because it's not up to
the standard used by a corporation does not make it worthless.

Jacques B.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: OT: unathorized network user.
    ... that are UTTERLY WORTHLESS to security and even cause ... and offers actually useful advice for security. ... In fact, some of them will cause many people networking problems, ... offered has absolutely NOTHING to do with securing a wireless network. ...
    (Fedora)
  • Re: Windows xp screen freezing...randomly
    ... My views on security coincide with the vast ... disregard advice to install security software. ... Mechanical KVM switches often lose the keyboard and mouse on ... "The Linksys KVM, like other electronic KVM switches, is able to ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Windows xp screen freezing...randomly
    ... I read ALL your posts. ... My views on security coincide with the vast ... disregard advice to install security software. ... "The Linksys KVM, like other electronic KVM switches, is able to ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Suggestions for a secure home network
    ... As far as minimizing SSID broadcast, I'm concerned that you would say ... it does 'not' have any security merit. ... separate DSL modem with wireless router for his two MACs. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: Suggestions for a secure home network
    ... Policies for establishing that SSID? ... I don't think the above 3 items have any security merit, ... separate DSL modem with wireless router for his two MACs. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)