On Thu, Jan 24, 2008 at 12:34:29PM -0500, Jacques B. wrote: > My frustration has to do with the fact that someone asked a question > on how to secure a wireless connection. I provided advice of measures > available within the context of a typical home wireless router. And > my reference to low hanging fruit and such and the caveat of the kid > next door who has all the time in the world to bang away at your > system (vs someone driving by) made it obvious that it's not a 100% > guaranteed secure solution. > > In comes Tim stating that most of what I said was "useless". FWIW, I agree with you. A good analogy is a bank--just because they have a nifty vault with a multi-ton door and timelock, they don't leave it sitting on the outside wall of the bank. It's inside, behind a counter and employees, and usually there's a locked grate in front of it. After hours, it's minor for a good crook to get through the outside door, find the vault area, get through the grate, and finally get working on the vault. But all of those are time-wasters and require some determination and knowledge to circumvent. Similarly, leaving SSID on doesn't stop the determined hacker with tools. But none of the common WiFi connection agents on laptops will show a non- broadcast SSID; you have to go out, get the tools, and work on it. Restricting MAC addresses can easily be overcome--but you have to have gotten the tools to do so. DHCP--eh, it's too convenient to get rid of. Logging--preferably with forwarding to an internal system--is useful. But after all of these, let the cracker find the WPA encryption behind all the lightweight stuff. You've got to have someone who really wants into your network at that point. All of the other stuff will at least be annoying to the real cracker, and will stop inadvertent accidental, or casual deliberate, use of your network, and doesn't cost you anything in terms of time or effort. Why the outraged indignation? All security is a layered amalgam of strong and weak measures. $0.02, YMMV, etc. -- Dave Ihnat President, DMINET Consulting, Inc. dihnat@xxxxxxxxxx