On Jan 24, 2008 2:28 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> On Wed, 2008-01-23 at 21:23 -0500, Jacques B. wrote:
> > Use WPA,
>
> Reasonably good. We'll see how long that lasts, someone will probably
> come up with an easy hack at some stage.
>
> > MAC filtering (only allow connections from ...),
>
> Virtually useless except for preventing *accidental* connections.
>
> > don't broadcast SSID
>
> Utterly useless. You still transmit, you appear as *something* on the
> list of available connections, just not named. Hackers can still get
> in, quite easily.
>
> > (and don't use a SSID that provides someone with an indication of who
> > owns the AP - more for privacy reasons),
>
> Bad advice, as it stands. Yes, probably don't call it "Tim's AP" if you
> don't want neighbours to know which is really which, but do pick some
> unique name that identifies them apart (e.g. something like "ap2370" is
> generic and unique). Though, on the other hand, if you have problems
> with channel interference, as some do, then it can be handy to work out
> an arrangement with your neighbours about using different channels.
> That's easier to do if you know who's running what.
>
> Accidental connections are less likely if you broadcast an SSID that
> obviously isn't the access point that they want. e.g. If all the
> neighbours' SSIDs were "netgearap" they couldn't easily tell which ones
> they should be using. I've seen places where there's three virtually
> identical access points on the list, and where it wasn't appropriate to
> just use anything.
>
> Google around for the myths of wireless security.
>
> --

You did a great job criticizing my advice, but offered none to improve on it. I wasn't suggesting that the above will solve all your woes. It's a defense in depth approach within the scope of most home wireless routers and within the ability of the typical consumer of that technology. I am well aware of the inherent weaknesses of each. But combined they do a decent job for the average home user.

Your rebuttal is the equivalent of someone offering advice on how to keep their vehicle and its contents safe by locking the doors, parking in a well-lit area, don't leave valuables in plain view. Then you turning around and stating that all of that is useless because ...

You slammed my advice to not use an SSID that personally identifies you for privacy reasons. But then you agree with it (don't use Tim's AP was your example). You suggest to use something unique. I didn't suggest otherwise. That latter part of your rebuttal is a good added suggestion to mine regarding SSID. It does not invalidate my suggestion at all. You can't have it both ways, to state that was bad advice and then turn around and support it through your example.

My advice is not bulletproof. But it's a hell of a lot better than what your rebuttal appears to suggest, why even bother with any of that because if someone really wants to get in, they will. Using that premise why bother locking your house? The steps I suggested act as a deterrent to crimes of opportunity as well as accidental incidents (drunk accidentally walking into your house at 2 in the morning thinking it's his house). They are not intended to protect the country's secrets. I pretty much made that clear by using the low hanging fruit analogy. Whereas the steps you suggested... wait a minute, you didn't suggest any.

If my advice was erroneous then yes, it should be addressed. That was far from the case. Your rebuttal does a much greater disservice to the reader as it pretty much says why bother doing any of it, none of it will help you achieve 100% security.

Jacques B.