Security Basics mailing list archives
Re: wirless connection security issues
From: Michael Krymson <krymson () gmail com>
Date: Tue, 01 Aug 2006 22:23:14 -0500
You're right. I won't argue that, and have done the cracking myself. But for most people in a home environment, it will most likely suffice. Unless you live in a high density area, the chances of someone doing real mischief are slim. I made it clear that yes, I was ignoring some threats. It is better than trying to teach every home user (think your parents) the ins and outs of RADIUS, TLS, VPN, etc. They don't care, and that kind of approach will just turn them away from trying anything. Home consumers are not geeks like us who are willing to tinker with things like that. But never deny that WEP or any encryption will still deter everyone else including Windows XP which automatically connects to open wireless networks. And like I also said, WPA and WPA2 are still more desired...I was just addressing the audience. Jarrod Frates wrote:
On 7/31/06, Michael Krymson <krymson () gmail com> wrote:- turn on encryption, WEP is ok (yes, it is ok, read on), WPA is much better, WPA2 is what you really want if you can. - change your WEP password if you use WEP every monthWEP is *never* OK unless you have *absolutely* no other choice. The device in question here is a WPA54GL, and it can use WPA2. I've cracked WEP in 14 minutes -- and the known record is just about four minutes -- using information available on a variety of sites. One download -- Backtrack Live CD -- and a wireless-capable computer would have the network open in very short order -- and much faster than your recommended monthly changeover. Your presumption of keeping out only casual users ignores the threat from youths who let curiosity get the better of their judgement as well as those who would target such locations as an easy spot from which to take other actions. Jarrod
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: wirless connection security issues Michael Krymson (Aug 01)
- Re: wirless connection security issues Jarrod Frates (Aug 02)
- Re: wirless connection security issues Michael Krymson (Aug 02)
- Re: wirless connection security issues Jarrod Frates (Aug 03)
- Re: wirless connection security issues Michael Krymson (Aug 02)
- <Possible follow-ups>
- Re: wirless connection security issues Rob klein Gunnewiek (Aug 01)
- Re: wirless connection security issues Jarrod Frates (Aug 02)