> On Fri, Aug 08, 2008 at 10:54:48AM -0700, Beartooth wrote:
>> So for those of us who don't want to provide access to
>> every stranger within reach, what protection is good?
>
> The current rage is WPA2[1] / IEEE 802.11i[2]. This is what IU
> is now using with its "IU Secure"[3] SSID.
>
> [1] http://www.wi-fi.org/knowledge_center/wpa2/
> [2] http://en.wikipedia.org/wiki/IEEE_802.11i-2004
> [3] http://kb.iu.edu/data/awws.html (What is IU Secure?)
I contacted my ISP, who assured me at once that I can use
WPA-PSK and the MAC address list simultaneously; this is the
first I've heard of WPA2 -- I'll ask about that.
I don't remember if I mentioned that I'm on "wireless
broadband," a new technology (iiuc) which started being rolled
out a year or so ago. My transceiver, or whatever they're called,
connects outside the house wirelessly to one on a water tower
about a mile away; inside the house, it is modem, wired router,
and when turned on wireless access point. It's a Netgear MBR814,
a model sold only to ISPs. I don't know if it can be upgraded to
WPA2, but will ask. I also don't know if it does encryption, but
I do presume so; it's certainly claimed to be "safe," in some
sense.
> The MAC thing can be used, but with programmable MAC addresses,
> if that's the only security a person can snoop on your network,
> pick up your MAC address and simply reprogram their MAC
> address. Then they can surf your network and everything gets
> logged as if it were you. (Perhaps they want to watch your
> house a little to make sure they pick times where you won't be
> home.)
That last would be an inconvenience for them; I've been
fighting colitis for the last couple years, with the result that
I go out seldom, unpredictably, and not for long.
> Not to mention, that with just MAC filtering, all your
> communication continues to be in the clear, so in addition to
> poorly protecting your network, it doesn't protect your data at
> all.
>
> To an extent it is like most security. It doesn't need to be
> perfect, it just needs to be good enough that the criminals
> look elsewhere.
My thought exactly -- just like my precautions against
burglary. As a long-time guns rights activist, as well as linux
user and Net addict, I'm very familiar with that kind of
thinking.
For the present passphrase, I settled on a line of
poetry, with a nice jumble of capitalization, punctuation, etc.,
that my wife and I can both (hope to) remember. But if the
Gibsonian random lines that Barry Schatz kindly pointed to* are
usable, that must mean I need only c&p one into the router and
each laptop, without need for memorizing -- right?
What about house guests? One laptop (a thinkpad T42
running, alas!, XP) exists primarily to run proprietary topo map
software which interfaces with my GPSs -- especially on a
passenger lap in the truck, or on my own lap if I have a driver.
The other (a T30 thinkpad, running Fedora 7) exists primarily as
a guest room amenity for people who don't bring their own.
Neither is in routine use in the house; so, most of the time, the
wireless access point is simply turned off.
What of guests who do bring laptops? Will they be able to
connect if I use a Gibson password?
Finally, my heartfelt thanks for all the discussion.
*(I've been subscribed to several lists at news.grc.com
for umpteen years, and had never noticed the random password
generator at grc.com.)
--
Beartooth Implacable, PhD, Neo-Redneck Linux Convert
What do they know of country, who only country know?
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
