Wolfgang S. Rupprecht wrote: > Bill Davidsen <davidsen@xxxxxxx> writes: > >> Wolfgang S. Rupprecht wrote: >> >>> Bob Goodwin <bobgoodwin@xxxxxxxxxxxx> writes: >>> >>>> Yes I have been running WEP 'cause I have one old device that can >>>> do no more than that, and I usually admit only certain [18 or 19] >>>> MAC addresses that I have listed. Add to that the fact that I am in >>>> a rural area surrounded by cotton and soy beans, the distance to the >>>> road is about 200 meters, I don't think LAN security is a major >>>> worry. I can't detect any other systems when I scan. >>>> >>> Well, WEP will keep out the casual person looking for an open wifi. To >>> be honest, I think that is good enough unless you have a bored and >>> highly talented kid living next door. >>> >> I live across the street from a college. My security is better than theirs, >> thankfully. >> > > Reminds me of the joke about the two hikers preparing for a bear > encounter. One hiker is removing his hiking boots and putting on > sneakers. The other points out how useless this is because you can't > outrun a bear. The first retorts, "I don't have to outrun the bear I > only have to outrun you." In the same vein, you don't need great > security, you just need something better than the school next door. ;-) > > Personally, I still believe in WPA2-only with CCMP-only and hex > passwords pulled from /dev/random. It's not that much more work to set > up that way and give the attackers something very substantial to chew > on. > > Sort of like why there are locks on wooden doors. Keeps the honest ones out. The shotgun deals with the rest (and 10 gauges are really LOUD and do a good job of blowing a 200 lb person out into the street.) That is what happens when some folks hit a few of the systems that I worked on. One of the 'Honey Pots' had a time bomb download. If you were running WinBlows you got a shock about 14 days later.....(and a completely dead system to boot if you had flash eeproms in your hard drives/motherboard.) After that, the number of attacks dropped greatly. BTW, the file had nothing in it to point back to where it came from :) Of course, after legal advice, the file was pulled and replaced with a nicer file. Securing Wireless is like damming a river. Works well until you get a flood, then all bets are off. James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
