Wieless security (was: Suspend bug)

Manuel Arostegui manuel at todo-linux.com
Mon Feb 5 09:04:32 UTC 2007 

On Mon, February 5, 2007 06:01, Tim wrote:
> On Sun, 2007-02-04 at 21:29 -0700, David G. Miller wrote:
>
>> <sarcasm>
>> So, to your way of thinking, everyone should just run their AP wide
>> open if they aren't running WPA.  Or is WPA not enough?
>
> No.  The point is not to *call* something a "security measure," that
> isn't one.  It gives one a false sense of security.
>
> When people go around advocating MAC filtering, for instance, as a
> "security measure," those who don't know any better believe it is, and
> believe they're safe because they do so.  It isn't, and they should be told so.  As long as they're
> aware of how useless it is, they can make their own minds up as to whether to bother with it.  But
> don't go around encouraging anybody to have false beliefs about it.
>
> MAC filtering is *utterly* *useless* as a security measure, you may as
> well not bother with it.  There's zero point in relying on it.  Why waste any time implementing it?
> Other measures are somewhat better, or
> a lot better, it probably is worth the time bothering with them.
>
> MAC filtering is as useless as saying a password out loud to the doorman
> outside a busy street.  Anybody can hear you use it, then use the same details themselves.  That's
> how bad it is.
>
> Likewise, the broadcasting, or not, of the ESSID is *NOT* a "security"
> issue.  I've already gone into it, and the others, with enough detail. You're just arguing for the
> sake of it.  Go and research the myths of wireless security.  There's quite a few reports with a
> title like that that explain all the same things if you don't believe me.

I agree with David, the key is not to have 100% secure wireless, that´s just impossible and we all
know that.

As David said, if a cracker is able to see 10 wireless he will probably break into the easiest
one. If I were him, I´d do that. Here in Madrid at least, we have 3 kinds of wireless, those which
are open, those with WEP and lastly the ones with WPA, aside from the fact that none of them are
secure, I would choose either the open one or the WEP one.
I have a wireless at home and I have set up:  WPA + EAP-TLS + RADIUS.
In my flat there are 6 or 7 wireless networks, for sure, mine will be the last choice for a normal
cracker.

More information about the users mailing list