Bill Davidsen wrote:
Tim wrote:
Tim (re hidden SSIDs):
It doesn't add *ANY* security.
It *does* add problems.
It doesn't hide your access point, at all. It still appears as an
access point that can be used. Anybody, and everybody, can see that
there's one there. It just doesn't have a name associated with it.
And the lack of a name doesn't prevent anyone from using it.
Bill Davidsen:
FUD. How can you hold two diametrically opposed ideas in your brain
without your head exploding?
You idiot. You don't understand what you're reading, and the one
spouting the FUD is you - that hiding an SSID has anything, at all, even
to the slightest degree, to do with security. Get a fucking clue.
Look at your first two lines and reconcile "adds no security" with
"harder to use."
The two have absolutely nothing to do with each other.
Security is about *preventing* unauthorised use, the SSID has absolutely
nothing to do with security. And *no* amount of futzing around with it
will ever "secure" a network.
The only way to absolutely prevent unauthorized use is to turn off the
machine. That's why there are security updates regularly, *all*
measures are about making it harder, forcing the evildoer to find and
use the more difficult exploit.
I have a colleague that recommends putting your AP on a timer, so you
don't forget to turn it off when you won't be in the house.
Actually WPA2 with 802.1X authentication is REALLY tight. No MITM will
crack EAP TLS (EAP TLS is a little different than the TLS used in the
most recent attack). Then use AES CCMP (not TKIP).
Of course your management frames are not protected. That is 802.11w
that will soon be in products....
BTW, I worked on the 802.11 standards. I use past tense, as in June my
management had me move over to work on 802.15 standards. (I was in
Atlanta last week for the 802 meeting).
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
