Protected WLAN

James McKenzie jjmckenzie51 at gmail.com
Tue May 17 18:24:52 UTC 2011


On Tue, May 17, 2011 at 11:10 AM, Tim <ignored_mailbox at yahoo.com.au> wrote:
> On Tue, 2011-05-17 at 17:36 +0100, Frank Murphy wrote:
>> Also if it's your home wLan, hide it, don't broadcast the ssid.
>> So those in your neighbourhood won't even know you have a wireless.
>
> Completely pointless:
>
>  Your device is transmitting something, this is detectable.  And it
> does so several times a second (i.e. it's continual).
>
True.  Bet you have a lock on every door to your house as well.
Turning off the SSID is a deterrent.  Make them go somewhere else.
Same with door locks.  If I want to get into your house, I will.  Even
if it means using TNT.

>  MAC filtering is useless as a security measure, and can be a pain in
> the neck for yourself trying to get things working.  It can't force
> someone to be unable to connect, but it can make it awkward for you,
> making you have to reset things to allow your computer when you make
> mistakes, or want to connect a different NIC.
>
Same thing here.  It will take more 'work'.  Make them go away.


>  With WPA2 use *only* AES out of the AES/TKIP choices.  That means AES
> by itself.  Not TKIP.  Nor TKIP and AES as a combination.  And for the
> PSK/EAP choice, you'll probably only be able to use PSK.  I seem to
> recall that EAP was another bad choice, but you'll need to research
> that.
>
Agreed.

>  Password length and weirdness increases security.  You're less likely
> to be hacked by lucky guesses if you don't have plain words in there.
> Certainly don't use real names, phone numbers, birthdates, or anything
> else that's easy for someone else to find out about you.
>
Yep.  Use a passphrase that is something easy for you to remember, but
hard for others to guess.

Again, make them go away.  Determined criminals will enter your house.
 The common thief will rattle your front door, finding it locked and
go away.

>  NB:  Regarding another posting about using foreign words, the password
> is either ASCII or HEX.  So UTF, or other encodings, are out of the
> question.  But if you can write the word using ASCII, you can enter it.
>
>  Having an unsecured net is sheer stupidity.  You might think what the
> hell, I've nothing to lose...  Well, the moment someone does something
> illegal through your network you're in for some legal fun and games that
> you really don't want to be bothered with.
>
Ask the 83 year old lady in NYC about the child porn case she found
herself involved with.  Was a 25 year old registered sex offender
using a 'friends' computer.  She got her front door broken down and he
got 170 years and had to pay for a new door.

The only places that I know of that have unsecured networks are coffee
shops and maybe the occasional food establishment.  Other than that,
lock the damn door and secure it.  Adding MAC whitelists is but one of
five steps.  We've discussed the other two to the end.

James McKenzie
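
Added example, not part of the original thread: the "ASCII or HEX" point above in code. A WPA2-PSK key is either 8 to 63 printable ASCII characters or 64 hex digits, and a passphrase is stretched into the 256-bit key with PBKDF2-HMAC-SHA1 salted by the SSID. The function names, the UTF-8 SSID encoding and the weakness heuristics (including the 12-character threshold) are assumptions made for this illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)
MIN_SUGGESTED_LEN = 12  # assumption for this example, not a standard value


def classify_wpa2_key(key):
    """Return 'hex-psk' or 'passphrase'; raise ValueError if neither form fits."""
    if len(key) == 64 and set(key) <= HEX_DIGITS:
        return "hex-psk"          # raw 256-bit key typed as 64 hex digits
    if not 8 <= len(key) <= 63:
        raise ValueError("need 8 to 63 ASCII characters or 64 hex digits")
    bad = [c for c in key if not 32 <= ord(c) <= 126]
    if bad:
        # Accented letters, CJK, emoji and control characters end up here.
        raise ValueError("not printable ASCII: %r" % bad)
    return "passphrase"


def derive_psk(key, ssid):
    """Return the 32-byte pre-shared key the access point and client compute."""
    if classify_wpa2_key(key) == "hex-psk":
        return bytes.fromhex(key)
    # The SSID is the salt, so the same passphrase gives a different key
    # on a differently named network.
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def weak_reasons(key):
    """Heuristic checks for the easy-to-guess patterns named in the thread."""
    if classify_wpa2_key(key) == "hex-psk":
        return []
    reasons = []
    if key.isdigit():
        reasons.append("digits only (looks like a phone number or date)")
    if key.isalpha():
        reasons.append("letters only (looks like a plain word or name)")
    if len(key) < MIN_SUGGESTED_LEN:
        reasons.append("shorter than %d characters" % MIN_SUGGESTED_LEN)
    return reasons


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ("19800101", "password", "correct horse 42 battery!"):
        print(sample, "->", weak_reasons(sample) or "no obvious weakness")
    print(derive_psk("password", "IEEE").hex())
```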

