Wieless security (was: Suspend bug)
Manuel Arostegui
manuel at todo-linux.com
Mon Feb 5 09:04:32 UTC 2007
On Mon, February 5, 2007 06:01, Tim wrote:
> On Sun, 2007-02-04 at 21:29 -0700, David G. Miller wrote:
>
>> <sarcasm>
>> So, to your way of thinking, everyone should just run their AP wide
>> open if they aren't running WPA. Or is WPA not enough?
>
> No. The point is not to *call* something a "security measure," that
> isn't one. It gives one a false sense of security.
>
> When people go around advocating MAC filtering, for instance, as a
> "security measure," those who don't know any better believe it is, and
> believe they're safe because they do so. It isn't, and they should be told so. As long as they're
> aware of how useless it is, they can make their own minds up as to whether to bother with it. But
> don't go around encouraging anybody to have false beliefs about it.
>
> MAC filtering is *utterly* *useless* as a security measure, you may as
> well not bother with it. There's zero point in relying on it. Why waste any time implementing it?
> Other measures are somewhat better, or
> a lot better, it probably is worth the time bothering with them.
>
> MAC filtering is as useless as saying a password out loud to the doorman
> outside a busy street. Anybody can hear you use it, then use the same details themselves. That's
> how bad it is.
>
> Likewise, the broadcasting, or not, of the ESSID is *NOT* a "security"
> issue. I've already gone into it, and the others, with enough detail. You're just arguing for the
> sake of it. Go and research the myths of wireless security. There's quite a few reports with a
> title like that that explain all the same things if you don't believe me.
I agree with David, the key is not to have 100% secure wireless, that´s just impossible and we all
know that.
As David said, if a cracker is able to see 10 wireless he will probably break into the easiest
one. If I were him, I´d do that. Here in Madrid at least, we have 3 kinds of wireless, those which
are open, those with WEP and lastly the ones with WPA, aside from the fact that none of them are
secure, I would choose either the open one or the WEP one.
I have a wireless at home and I have set up: WPA + EAP-TLS + RADIUS.
In my flat there are 6 or 7 wireless networks, for sure, mine will be the last choice for a normal
cracker.
More information about the users
mailing list