Tim wrote:
> On Tue, 2008-02-12 at 23:08 +0100, Jan Brosius wrote:
>> I also had the impression that I got connected more quickly if I let
>> my router broadcast its SSID.
>
> If you don't broadcast your SSID, it's harder to work out which access
> point your hardware should be connecting to, and software doesn't have
> an ID to reference which bits of information go together (e.g. this
> access point with that password, and so on).
>
> If you do broadcast your SSID, you can easily find your access point on
> a list, and connect to your own access point rather than your
> neighbours. Your neighbours can easily tell which is theirs instead of
> yours, and use the right one.
>
> Not broadcasting your SSID does *NOT* give you any security, in any way
> whatsoever, it's a fallacy. Hackers and nuisances can still mess with
> you when you're not broadcasting it. All that does is give you
> networking problems to work around.

I'm not sure I follow here, while a serious hacker probably has tools to
determine how to connect without knowing the SSID, it stops wannabes who
don't have some tool and are likely to continue on to something easier.

As for networking problems, a step approach certainly seems to avoid them.
- using a dummy SSID, broadcast it and make a connection
- stop broadcasting, reboot everything, make a connection
- change the SSID at both ends, reboot everything, make a connection

I've had consistent success with these steps, the 2nd step only seems to
fail if there are router firmware issues, and you really want those
fixed anyway.

> Broadcast your SSID. Set it as something that you can easily see as
> being your access point. Follow whatever rules there are for using the
> right characters (if you're not supposed to use blank spaces,
> underlines, or something else, then don't use them). If you can't find
> rules pointing them out, then the simplest thing to do would be just use
> ASCII letters and numbers.

I always believe that making every step of a possible intrusion as hard
as possible reduces the number of attempts at the next step.

Since I have a router which does WEP only, my connection to the firewall
accepts only packets to the OpenVPN server which handles the real
connections. Probably as secure as WPA and avoids having to update a few
old machines. Since non-trusted connections are used on the road,
OpenVPN is on every machine anyway.

Feel free to comment on any of this if you feel that there's a better
way within reasonable time and budget limits.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
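
The arrangement described in the message above (a WEP-only wireless segment whose firewall-facing side accepts nothing but OpenVPN traffic) can be sketched as a generated iptables ruleset. This is an added example, not part of the original message or the poster's configuration; it assumes OpenVPN runs on the firewall host itself, and the interface names, port and protocol are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the OpenVPN server
# runs on the firewall host; interface names, port and protocol are placeholders.

# gen_wlan_rules WLAN_IF VPN_PORT PROTO [TUN_IF]
# Prints an iptables-restore ruleset on stdout; it changes nothing on the system.
gen_wlan_rules() {
    wlan_if=$1 port=$2 proto=$3 tun_if=${4:-tun0}

    # Validate every argument before it is interpolated into a rule.
    for ifname in "$wlan_if" "$tun_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $port in
        ''|0*|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] 2>/dev/null || { echo "bad port: $port" >&2; return 1; }
    case $proto in
        udp|tcp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Wireless (WEP) segment: the only thing it may reach is the OpenVPN listener.
-A INPUT -i $wlan_if -p $proto --dport $port -j ACCEPT
# Rate-limited log of everything else, so probing from the segment is visible.
-A INPUT -i $wlan_if -m limit --limit 6/min -j LOG --log-prefix "wlan-drop: "
-A INPUT -i $wlan_if -j DROP
# Nothing is routed to or from the wireless segment outside the tunnel.
-A FORWARD -i $wlan_if -j DROP
-A FORWARD -o $wlan_if -j DROP
# Rules for the firewall's other interfaces (LAN, WAN) would be merged in here.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Authenticated clients arrive decrypted on the tunnel interface.
-A INPUT -i $tun_if -j ACCEPT
-A FORWARD -i $tun_if -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Review the output of, for example, `gen_wlan_rules eth1 1194 udp` before loading it with `iptables-restore`, which replaces the existing filter table.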