JD wrote: > On 08/14/2010 07:43 PM, James McKenzie wrote: > >> Wolfgang S. Rupprecht wrote: >> >>> Bill Davidsen<davidsen@xxxxxxx> writes: >>> >>> >>>> Wolfgang S. Rupprecht wrote: >>>> >>>> >>>>> Bob Goodwin<bobgoodwin@xxxxxxxxxxxx> writes: >>>>> >>>>> >>>>>> Yes I have been running WEP 'cause I have one old device that can >>>>>> do no more than that, and I usually admit only certain [18 or 19] >>>>>> MAC addresses that I have listed. Add to that the fact that I am in >>>>>> a rural area surrounded by cotton and soy beans, the distance to the >>>>>> road is about 200 meters, I don't think LAN security is a major >>>>>> worry. I can't detect any other systems when I scan. >>>>>> >>>>>> >>>>> Well, WEP will keep out the casual person looking for an open wifi. To >>>>> be honest, I think that is good enough unless you have a bored and >>>>> highly talented kid living next door. >>>>> >>>>> >>>> I live across the street from a college. My security is better than theirs, >>>> thankfully. >>>> >>>> >>> Reminds me of the joke about the two hikers preparing for a bear >>> encounter. One hiker is removing his hiking boots and putting on >>> sneakers. The other points out how useless this is because you can't >>> outrun a bear. The first retorts, "I don't have to outrun the bear I >>> only have to outrun you." In the same vein, you don't need great >>> security, you just need something better than the school next door. ;-) >>> >>> Personally, I still believe in WPA2-only with CCMP-only and hex >>> passwords pulled from /dev/random. It's not that much more work to set >>> up that way and give the attackers something very substantial to chew >>> on. >>> >>> >>> >> Sort of like why there are locks on wooden doors. Keeps the honest ones >> out. The shotgun deals with the rest (and 10 gauges are really LOUD and >> do a good job of blowing a 200 lb person out into the street.) That is >> what happens when some folks hit a few of the systems that I worked on. >> One of the 'Honey Pots' had a time bomb download. If you were running >> WinBlows you got a shock about 14 days later.....(and a completely dead >> system to boot if you had flash eeproms in your hard >> drives/motherboard.) After that, the number of attacks dropped >> greatly. BTW, the file had nothing in it to point back to where it came >> from :) >> >> Of course, after legal advice, the file was pulled and replaced with a >> nicer file. >> >> Securing Wireless is like damming a river. Works well until you get a >> flood, then all bets are off. >> >> James McKenzie >> >> > Actually, it is impossible to secure wireless. That's because the > publicly available crypto systems being used were deliberately > designed to be broken in real time by parties with very keen > interest in such ability. The how of such methods of course remain > in the sole domain of the keenly interested parties :) > If you own a Cray, you can do wonderous things (there is one at NSA and one at the Russian equivalent.) Otherwise, it will take years (distributed.net is still trying to break 3DES3EDE.) James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
