Re: wpa encryption of wireless network how to?



Matthew Saltzman wrote:
> On Tue, 2008-02-19 at 14:19 -0500, Bill Davidsen wrote:
>> Tim wrote:
>>> Bill Davidsen:
>>>> You read different security books than I do, mine say you should make every single step as hard as possible, even if there's a workaround the intruder may not know it.
>>> You're still missing the point completely:
>>>
>>> IT DOES NOT, IN *ANY* WAY, MAKE IT HARDER FOR A HACKER TO HACK INTO YOUR
>>> WIRELESS LAN WHEN YOU STOP "BROADCASTING" THE SSID. *THEY* DO *NOT*
>>> NEED YOU TO BROADCAST IT TO BE ABLE TO HACK IT. IT GIVES YOU ZERO
>>> BENEFIT AND EXTRA PROBLEMS.
>>
>> Caps don't make you right, nor do bogus arguments. The object is to make it less appealing to people just looking for a hot spot to use without paying Starbucks, not to block serious hackers. And if they see one with some vendor's default SSID and one with no visible SSID, which do you think they use?
>>
>> As far as problems (sorry, "PROBLEMS") haven't had or seen any in years, not sure what hidden SSID would hurt.
>
> Several of the wireless drivers have a great deal of trouble with hidden
> SSIDs. The Intel drivers have been notorious pains in the <> about it
> until about a week or so ago. The latest kernel patches from John
> Linville and a version of NetworkManager that's currently in pre-testing
> finally seem to have solved the problem. But it's been years. For a
> number of reasons, hidden SSIDs seem quite difficult to get right in the
> driver.

Ah ha, then that's a limitation I haven't had. I'm running the IPW2200 driver on most laptops, and even as far back as FC4 I haven't had a problem connecting. Good thing to keep in mind if I see this, though, new generation of laptops will be deployed this year.

>>> Do you hear me now? How hard is it to understand that message? Hiding
>>> it does NOT give you ANY security benefits. Not one, not even a little
>>> bit, not even a teensy tiny little bit. You're deluding yourself, start
>>> making your tinfoil beanie, now, if you think that sort of rubbish
>>> helps.
>>
>> You clearly don't believe that part of security is avoiding attacks. The reason to put ssh on a non-standard port is not because it makes it harder to crack, just because it gets less casual attention. Like a burglar choosing between the dark house with the empty garage or the one with lights on, cars in the driveway, and a "beware of dog" sign, someone looking for easy pickings takes the easy target.
>>
>> If you think that discouraging wannabes isn't worth it, feel free to set your SSID to "Free Public Access" if you want.
>
> If you want to discourage casual browsers, just encrypt the channel.
> WEP is no more of a barrier to anyone with a serious will to connect,
> but it's at least as good at stopping casual connectors. It also stops
> casual eavesdroppers, but again, not anyone serious about listening in.

Do run WEP, router doesn't support WPA so I am using OpenVPN once connected. Since all the laptops need to use hotspots and random wired connections, OpenVPN is installed everywhere.

> We had a lecture last fall by security researcher Rick Farina. He
> finally seems to have convinced our wireless network admins to give up
> on hidden SSIDs. His point? They don't provide any additional security
> and they annoy people who should be able to connect legitimately.
>
> WPA2 is about the only halfway serious measure you can take short of
> requiring a VPN.

If the laptops are used on the road, encryption of partitions and a VPN seem like a slightly better than average compromise, while usable beyond some really paranoid setups.

Thanks for the input on blank SSID, happily haven't seen it, but I have a box of PCMCIA cards on my desk which I have to shake out, we may change SSID if the drivers are so limited (or I might think of hacking the driver).

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
