separate access point for them to use. My friends use MAC address
filtering without security. I used to provide an Ethernet switch with
a bunch of cables for my guests, and I always keep a switch handy just
in case.
Also, if you're on news.grc.com you should look into Security Now!,
Steve's weekly podcast with Leo Laporte.
On 8/9/08, Beartooth <karhunhammas@lserv.com> wrote:
> On Fri, 8 Aug 2008, Steven Black wrote:
>
>> On Fri, Aug 08, 2008 at 10:54:48AM -0700, Beartooth wrote:
>
>>> So for those of us who don't want to provide access to
>>> every stranger within reach, what protection is good?
>>
>> The current rage is WPA2[1] / IEEE 802.11i[2]. This is what IU
>> is now using with its "IU Secure"[3] SSID.
>>
>> [1] http://www.wi-fi.org/knowledge_center/wpa2/
>> [2] http://en.wikipedia.org/wiki/IEEE_802.11i-2004
>> [3] http://kb.iu.edu/data/awws.html (What is IU Secure?)
>
> I contacted my ISP, who assured me at once that I can use
> WPA-PSK and the MAC address list simultaneously; this is the
> first I've heard of WPA2 -- I'll ask about that.
>
> I don't remember if I mentioned that I'm on "wireless
> broadband," a new technology (iiuc) which started being rolled
> out a year or so ago. My transceiver, or whatever they're called,
> connects outside the house wirelessly to one on a water tower
> about a mile away; inside the house, it is modem, wired router,
> and when turned on wireless access point. It's a Netgear MBR814,
> a model sold only to ISPs. I don't know if it can be upgraded to
> WPA2, but will ask. I also don't know if it does encryption, but
> I do presume so; it's certainly claimed to be "safe," in some
> sense.
>
>> The MAC thing can be used, but with programmable MAC addresses,
>> if that's the only security a person can snoop on your network,
>> pick up your MAC address and simply reprogram their MAC
>> address. Then they can surf your network and everything gets
>> logged as if it were you. (Perhaps they want to watch your
>> house a little to make sure they pick times where you won't be
>> home.)
>
> That last would be an inconvenience for them; I've been
> fighting colitis for the last couple years, with the result that
> I go out seldom, unpredictably, and not for long.
>
>> Not to mention, that with just MAC filtering, all your
>> communication continues to be in the clear, so in addition to
>> poorly protecting your network, it doesn't protect your data at
>> all.
>>
>> To an extent it is like most security. It doesn't need to be
>> perfect, it just needs to be good enough that the criminals
>> look elsewhere.
>
> My thought exactly -- just like my precautions against
> burglary. As a long-time guns rights activist, as well as linux
> user and Net addict, I'm very familiar with that kind of
> thinking.
>
> For the present passphrase, I settled on a line of
> poetry, with a nice jumble of capitalization, punctuation, etc.,
> that my wife and I can both (hope to) remember. But if the
> Gibsonian random lines that Barry Schatz kindly pointed to* are
> usable, that must mean I need only c&p one into the router and
> each laptop, without need for memorizing -- right?
>
> What about house guests? One laptop (a thinkpad T42
> running, alas!, XP) exists primarily to run proprietary topo map
> software which interfaces with my GPSs -- especially on a
> passenger lap in the truck, or on my own lap if I have a driver.
> The other (a T30 thinkpad, running Fedora 7) exists primarily as
> a guest room amenity for people who don't bring their own.
> Neither is in routine use in the house; so, most of the time, the
> wireless access point is simply turned off.
>
> What of guests who do bring laptops? Will they be able to
> connect if I use a Gibson password?
>
> Finally, my heartfelt thanks for all the discussion.
>
> *(I've been subscribed to several lists at news.grc.com
> for umpteen years, and had never noticed the random password
> generator at grc.com.)
>
> --
> Beartooth Implacable, PhD, Neo-Redneck Linux Convert
> What do they know of country, who only country know?
>
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug
>
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
No comments:
Post a Comment