Protected WLAN

Tim ignored_mailbox at yahoo.com.au
Wed May 18 11:23:08 UTC 2011


Tim:
>> Completely pointless:
>>
>>  Your device is transmitting something, this is detectable.  And it
>> does so several times a second (i.e. it's continual).


James McKenzie:
> True.  Bet you have a lock on every door to your house as well.
> Turning off the SSID is a deterrent.  Make them go somewhere else.
> Same with door locks.  If I want to get into your house, I will.  Even
> if it means using TNT.

They're completely unrelated.  If you want to play with analogies, let
me put it this way:  Painting over the house's street number does not
make it any harder to pick the lock.

SSID has *absolutely* nothing to do with security.


>>  MAC filtering is useless as a security measure

> It will take more 'work'.  Make them go away.

It won't cause /them/ to expend any more effort to get in.  The whole
thing is automated, for complete idiots to be able to do it.  

It does, however, make things more awkward for legit users to use a
network.  Your admin has to reconfigure the network for each new device.
Any mistakes, or hardware changes, and you have to go through all that
again.  All that pain for absolutely no gain.

> Again, make them go away.  Determined criminals will enter your house.
> The common thief will rattle your front door, finding it locked and
> go away.

No, the common thief will just force their way in.  Unless you fortify
your house (which is actually illegal, here), one house is just about
as easy as another to break in.  One window, a weak door, etc.

These analogies are never good.  You're trying to correlate two
completely unrelated things.

> The only places that I know of that have unsecured networks are coffee
> shops and maybe the occasional food establishment.

Most of which are almost too useless to use.  Too slow, by virtue of how
crap they are, or because they've been hacked and left infested.

> Other than that, lock the damn door and secure it.  Adding MAC
> whitelists is but one of five steps.. We've discussed the other two to
> the end.

MAC filtering isn't any part of security.  It's as secure as a padlock
made out of butter in the middle of summer.  (Since you like bad
analogies.)

Really MAC filtering is only barely useful as the most basic of
management tools.  e.g. You have a video game or mobile phone that
automatically tries to log into a nearby network, and it's a pain to
configure (or you can't).  So you blacklist it, and have your net ignore
it.  But that can only work if whoever uses those devices doesn't
reconfigure them to counteract your blacklist.

People keep promulgating useless and timewasting methods for securing
networks.  Which is bad enough, in itself, as it wastes everyone's time
implementing them and then trying to get the network working despite it.
But worse is that it gives people false senses of security.

I don't do any of these useless things, never have, never will, they'll
never make my network any securer.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.




