[Novalug] best way to secure wireless?

Ross Patterson RossPatterson at Comcast.Net
Sun Nov 26 13:06:22 EST 2006


At 12:03 11/26/2006, gregory pryzby wrote:
>I guess my question is more philosophical in.... why?

Because encrypting traffic is a Good Thing?  It's one thing to allow 
your neighbors to piggy-back on your house LAN, it's another thing to 
let them see your passwords.  Or your private email contents.  Or the 
URLs you might be embarrassed about accessing - like 
http://www.microsoft.com/windowsvista :-)

>I look at it this way. I have Mac OSX and Linux machines. There is 
>no telnet or broadcasting protocol running.

I know you know this, but I have to say it: On wireless it's all 
broadcast.  We need to return to thinking of networks like they were 
20 years ago, when every packet was visible to every node on the 
network cable.  And then we need to extend that mental model to one 
where you put live RJ45s in every room in each neighbor's house, plus 
a few on the curb two blocks over for good measure.

You should be much more worried about HTTP than TELNET.  TELNET at 
least only sends your userid and password in the first few packets 
(usually).  HTTP sends them over and over, and often in a 
near-plaintext form.  Depending on your ISP, POP3 may be an issue too 
- there are still a lot of plaintext-password-only POP servers out 
there.  And even if you run your own mailbox server inside the house, 
is its SMTP connection using TLS?

>If someone wants to use my wireless, they are welcome to it.

See if you still feel that way when your neighbor brings home an 
infected Windows machine and your network usage spikes as it connects 
to the botnet.  Or when the RIAA sues you because your cable modem IP 
address has become a major P2P music-sharing site.  Of course, you 
can always use MAC-blocking to kick those folks off the network 
when/if you notice it, so maybe that's not a problem for you.

>That said, I did decide to 'hide' the essid, so someone needs to 
>know it to get online.

It's actually rather amazing how good a security-through-obscurity 
mechanism that can be.  Kudos to the 802.11 working group - it must 
have been designed by a different subcommittee than WEP :-)

Ross 
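A check for the two mail-server questions raised above (added example, not part of the original post or the Novalug list): it parses an SMTP EHLO reply for STARTTLS and a POP3 CAPA reply for STLS or a non-plaintext SASL mechanism, with optional live probes through the standard library's smtplib/poplib. The sample replies and the host name are constructed.

```python
# Added example, not from the original post. Audits whether your own mail
# services offer TLS before a password crosses the air in the clear.
import smtplib
import poplib


def smtp_offers_starttls(ehlo_reply: bytes) -> bool:
    """True if a multi-line EHLO reply advertises the STARTTLS extension."""
    for line in ehlo_reply.decode("ascii", "replace").splitlines():
        # Reply lines look like "250-STARTTLS" or "250 STARTTLS" (final line).
        body = line[4:].strip().upper() if line[:3] == "250" else ""
        if body.split()[:1] == ["STARTTLS"]:
            return True
    return False


def pop3_plaintext_password_only(capa_reply: bytes) -> bool:
    """True if a POP3 CAPA reply offers neither STLS nor a SASL mechanism
    other than PLAIN/LOGIN, i.e. the only way in is a cleartext password."""
    caps = [l.strip().upper() for l in capa_reply.decode("ascii", "replace").splitlines()]
    if "STLS" in caps:
        return False
    for cap in caps:
        if cap.startswith("SASL"):
            if set(cap.split()[1:]) - {"PLAIN", "LOGIN"}:
                return False
    return True


def audit_smtp(host: str, port: int = 25, timeout: float = 5.0) -> bool:
    """Live probe: connect and report whether STARTTLS is advertised."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


def audit_pop3(host: str, port: int = 110, timeout: float = 5.0) -> bool:
    """Live probe: True if the POP3 server offers STLS."""
    pop = poplib.POP3(host, port, timeout=timeout)
    try:
        return b"STLS" in pop.capa()
    finally:
        pop.quit()


# Constructed sample replies so the parsers can be exercised offline.
SAMPLE_EHLO_TLS = b"250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SAMPLE_EHLO_NO_TLS = b"250-mail.example.test\r\n250 8BITMIME\r\n"
SAMPLE_CAPA_PLAIN = b"+OK\r\nUSER\r\nUIDL\r\nSASL PLAIN\r\n.\r\n"
SAMPLE_CAPA_STLS = b"+OK\r\nUSER\r\nSTLS\r\n.\r\n"
```

Run `audit_smtp("your.mail.host")` against your own server; a False answer means the house SMTP session is the plaintext hop the post is asking about.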