Security Basics mailing list archives
Re: wirless connection security issues
From: "Jarrod Frates" <jfrates.ml () gmail com>
Date: Wed, 2 Aug 2006 07:30:06 -0700
On 8/1/06, Michael Krymson <krymson () gmail com> wrote:
It is better than trying to teach every home user (think your parents) the ins and outs of RADIUS, TLS, VPN, etc. They don't care, and that kind of approach will just turn them away from trying anything.
Teaching them how to enable WPA/WPA2 is little more difficult than using WEP. Both can use shared keys, and the only additional thing needed for WPA2 is a patch for XP. If that's not available due to being on Windows 2000 or earlier but still having a WPA2-capable network, a supplicant can be purchased, but WPA with a sufficient passphrase will suffice for most home users if WPA2 isn't available for technical or financial reasons. I brought up RADIUS and EAP because Cherian mentioned paranoia -- and then I backtracked because it was overkill for that particular situation.
But never deny that WEP or any encryption will still deter everyone else including Windows XP which automatically connects to open wireless networks.
Saying that WEP provides security because it deters the people that have their computers set to connect automatically is like saying that closing your front door deters people that might just walk into your home. If that was an issue, MAC address lockdowns would be sufficient, and we wouldn't need encryption. It provides little more than privacy from people who generally have no desire to look in the first place. I really don't understand why this idea that WEP is "good enough" is still present. I knew five years ago that WEP was a bad idea. WEP cracking is only going to get faster as network and CPU speeds improve. At some point, I imagine someone will break the two-minute mark -- if not better -- on a routine basis. Perhaps at that point, it will be drilled in that WEP needs to be not only disabled, but deprecated and eventually removed. Jarrod --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: wirless connection security issues Michael Krymson (Aug 01)
- Re: wirless connection security issues Jarrod Frates (Aug 02)
- Re: wirless connection security issues Michael Krymson (Aug 02)
- Re: wirless connection security issues Jarrod Frates (Aug 03)
- Re: wirless connection security issues Michael Krymson (Aug 02)
- <Possible follow-ups>
- Re: wirless connection security issues Rob klein Gunnewiek (Aug 01)
- Re: wirless connection security issues Jarrod Frates (Aug 02)