Tim:
>> Not broadcasting your SSID does *NOT* give you any security, in any way
>> whatsoever, it's a fallacy. Hackers and nuisances can still mess with
>> you when you're not broadcasting it. All that does is give you
>> networking problems to work around.

Bill Davidsen:
> I'm not sure I follow here, while a serious hacker probably has tools to
> determine how to connect without knowing the SSID, it stops wannabes who
> don't have some tool and are likely to continue on to something easier.

Read what I said again. It's a COMPLETE FALLACY. There is NO security
benefit WHATSOEVER in hiding the SSID. It's zero worth, pointless, and
it makes people waste their time with this sort of crap:

> As for networking problems, a step approach certainly seems to avoid them.
> - using a dummy SSID, broadcast it and make a connection
> - stop broadcasting, reboot everything, make a connection
> - change the SSID at both ends, reboot everything, make a connection

People insist on doing stupid things like this, breaking networking,
then come up with daft extra steps to restore it. When they should just
have done things properly, in the first place.

It's as stupid as believing that unscrewing the house numbers from the
front of your house magically protects you from being burgled. Oh look,
they don't know that we're number seven. They'll be less inclined to
burgle us... It's a load of crap.

This is computing. It's hard facts. It's not magic. There's no place
for superstition.

>> Broadcast your SSID.

> I always believe that making every step of a possible intrusion as hard
> as possible reduces the number of attempts at the next step.

It doesn't make it the slightest bit hard. My computer finds networks
without an SSID being broadcast. They're harder to work out which is
the right network to use, only in as much as you've got to try them all
out one by one. But they're listed, and selectable.

> Since I have a router which does WEP only, my connection to the firewall
> accepts only packets to the OpenVPN server which handles the real
> connections. Probably as secure as WPA and avoids having to update a few
> old machines. Since non-trusted connections are used on the road,
> OpenVPN is on every machine anyway.

Decent encryption and other traffic flow control techniques are the only
way to go (e.g. tunnelling, encrypted logon credentials, etc.). Though
you have to be careful you don't fall into the trap of thinking that
only this device can talk to that device because you've used MAC or IP
filtering. All of those things can be changed at will.

-- 
[tim@bigblack ~]$ uname -ipr
2.6.23.15-80.fc7 i686 i386

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.