Re: wireless network security best practice?
From: wesley (wesley_at_chefdiana-dot.com)
Date: 09/06/03
- Next message: Ramanan: "Re: RH 8.0 gateway and iptables"
- Previous message: Noi: "Re: Poor people's OS?"
- Maybe in reply to: demeck: "Re: wireless network security best practice?"
- Next in thread: erik: "Re: wireless network security best practice?"
- Reply: erik: "Re: wireless network security best practice?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 06 Sep 2003 15:01:10 -0500
On Mon, 25 Aug 2003 17:46:30 +0000, /dev/null wrote:
> We have a local wireless net. Is 128 bit WEP and MAC filtering enough?
>
> I tend to think not, anyone could sniff and pick up MACs and then set
> their card to use that MAC, and eventually break the WEP at brute force.
>
> Feedback/Comments?
To figure if your security is good enough, you first have to take a look
at the type of traffic you're running on your wireless network, both in
terms of security sensitivity and traffic volume. For example, Fort Knox
needs a lot more protection than the average home.
One of the big issues with wireless is that your radio waves from your
access point don't stop at your home or office's walls. That feature makes
it possible for others to intercept and use your signal.
While breaking a WEP transmission is certainly possible, it still requires
a LOT of data be gathered. Airsnort needs 5 to 10 million packets in order
to break a code, according to their info. In my case, that means someone
would have to park in front of my house for months at a time to gather
enough data to crack my 128 bit WEP code.
On the other hand, an office with many high traffic users on their
wireless network could generate enough traffic in a short period of time
for their code to be cracked. Or, someone located in an apartment building
might have a neighbor who could monitor their connection for months on end
to try and break into their network.
In my case, if I'm going to get paranoid about my wireless network at
home, then I also need to be paranoid about my ISP monitoring my traffic
in general. I need to quit giving my credit card to waiters and
salespeople when I buy stuff. I need to replace all the wood doors in my
house with metal security doors, and so on.
Yeah, WEP has it holes and should be improved. WPA is going to help do
that and there will certainly be continued improvements down the road.
But that doesn't mean I need to stop using wireless right now. A typical
home user is not a high-profile target for a wireless crook. What hacker
wants to spend months gathering data so he can break in and get... what?
Businesses, OTOH, need to be more careful as they generate a lot of
traffic, do so faster, and typically have more people trying to break into
their networks to get critical info. Some others have already described
methods to address those issues.
But wireless security is just like any other security issue. One needs to
do a good risk assessment before going whole-hog. Your security efforts
should match the risk probablility involved.
- Next message: Ramanan: "Re: RH 8.0 gateway and iptables"
- Previous message: Noi: "Re: Poor people's OS?"
- Maybe in reply to: demeck: "Re: wireless network security best practice?"
- Next in thread: erik: "Re: wireless network security best practice?"
- Reply: erik: "Re: wireless network security best practice?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
