On Mon, February 5, 2007 06:01, Tim wrote: > On Sun, 2007-02-04 at 21:29 -0700, David G. Miller wrote: > >> <sarcasm> >> So, to your way of thinking, everyone should just run their AP wide >> open if they aren't running WPA. Or is WPA not enough? > > No. The point is not to *call* something a "security measure," that > isn't one. It gives one a false sense of security. > > When people go around advocating MAC filtering, for instance, as a > "security measure," those who don't know any better believe it is, and > believe they're safe because they do so. It isn't, and they should be told so. As long as they're > aware of how useless it is, they can make their own minds up as to whether to bother with it. But > don't go around encouraging anybody to have false beliefs about it. > > MAC filtering is *utterly* *useless* as a security measure, you may as > well not bother with it. There's zero point in relying on it. Why waste any time implementing it? > Other measures are somewhat better, or > a lot better, it probably is worth the time bothering with them. > > MAC filtering is as useless as saying a password out loud to the doorman > outside a busy street. Anybody can hear you use it, then use the same details themselves. That's > how bad it is. > > Likewise, the broadcasting, or not, of the ESSID is *NOT* a "security" > issue. I've already gone into it, and the others, with enough detail. You're just arguing for the > sake of it. Go and research the myths of wireless security. There's quite a few reports with a > title like that that explain all the same things if you don't believe me. I agree with David, the key is not to have 100% secure wireless, that´s just impossible and we all know that. As David said, if a cracker is able to see 10 wireless he will probably break into the easiest one. If I were him, I´d do that. Here in Madrid at least, we have 3 kinds of wireless, those which are open, those with WEP and lastly the ones with WPA, aside from the fact that none of them are secure, I would choose either the open one or the WEP one. I have a wireless at home and I have set up: WPA + EAP-TLS + RADIUS. In my flat there are 6 or 7 wireless networks, for sure, mine will be the last choice for a normal cracker.
