[Novalug] best way to secure wireless?
rarob at comcast.net
Sun Nov 26 13:09:25 EST 2006
Put on your paranoid hat Greg. If someone stumbles across your
unprotected wireless, then in so far
as the outside world is concerned, they are *you*. Suppose this
miscreant (them, not you) decides to
pull down music via one of the p-to-p programs. The RIAA group now
could watch a music download
going to an IP registered at your ISP. A supeana is issued under the
DCMA, the ISP determines that
your account was assigned to that IP at that time. So now you find
some interesting correspondence
via the local sheriff requesting your presence in court, or to
'negotiate' a settlement. So far as the RIAA
is concerned, you are presumed guilty until proven innocent (good
luck). Worst case? Possibly...
Even hiding your essid won't prevent access, it just isn't broadcasting
your wireless presence. Someone
could still hang around and sniff the packets. Even encrypting the
wireless isn't surefire, just makes it
more difficult (not by much if you are still using WEP, say from an
early wireless base station).
On Nov 26, 2006, at 12:03 PM, gregory pryzby wrote:
> I guess my question is more philosophical in.... why?
> I look at it this way. I have Mac OSX and Linux machines. There is no
> telnet or broadcasting protocol running.
> If someone wants to use my wireless, they are welcome to it.
> That said, I did decide to 'hide' the essid, so someone needs to know
> it to get online.
> So, tell me why this is a dumb thing to do.
> On Sun, Nov 26, 2006 at 06:57:46AM -0800, Brandon Saxe wrote:
>> What's the best (in your opinion) way to secure wireless 802.11x
>> networks in a
>> mix hardware environment with the following support requirements:
>> o Legacy hardware that consists of devices only supporting WEP 64 bit
>> o Legacy hardware that consists of devices supporting WEP 64/128
>> o Newer hardware that can do WPA
>> o Linux/Windows clients
>> o IPSec VPN clients that need to connect to outside networks
>> o L2TP/PPTP VPN clients to outside networks possible
>> Is there a way all this stuff can exist together on a secure,
>> wireless network?
>> Obviously, the least common denominator in this scenario is the WEP
>> devices. Is there a software solution you'd recommend?
> greg pryzby greg at pryzby dot org
> fingerprint: 8A1A DB90 869F 5DD1 D6E9 EEB6 C156 6B04 849F A86F
> Novalug mailing list
> Novalug at calypso.tux.org
More information about the Novalug