CNN website has special on wireless and security

http://www.cnn.com/SPECIALS/2004/wireless/

An interesting read anyway.

- Sandy



Re: CNN website has special on wireless and security

> http://www.cnn.com/SPECIALS/2004/wireless/
>
> An interesting read anyway.

Which (predictably) repeats the current myths about wireless security.



Re: CNN website has special on wireless and security
On Wed, 10 Nov 2004 21:25:01 GMT, neillmassello@earthlink.net (Neill
Massello) wrote:

>
>> http://www.cnn.com/SPECIALS/2004/wireless/
>>
>> An interesting read anyway.
>
>Which (predictably) repeats the current myths about wireless security.

Since I'm new to wireless, could you point out which are the myths?  I
don't mean quote the articles or anything, just which parts of the
technology they are wrong about.  I'm NOT being a smartass here.  I'm
really curious.  Thanks, Neill, for any info.

- Sandy



Re: CNN website has special on wireless and security
OK... Let's start...

First, it's missing the major error of not changing the default password.
Most people just connect their wireless router or access point and that's
it.  I wonder if anyone has ever uploaded modified firmware onto someone
else's router.

Then, there's the turn off SSID broadcasts part.  Doing so will make it very
difficult to connect to your network under Windows XP when using the
built-in wireless service.  In addition, turning off SSID broadcasts makes
it more difficult to choose broadcast channels that do not overlap with
other wireless networks.

There's the "not changing the SSID means an intruder can access your network
and the contents of your hard drive, including any personal data" part.
That's not the case if you have properly set up your firewall and/or
have password protected network access to your computer.  In addition,
changing your SSID does not at all prevent people from accessing your
network or computer.  Ideally, you would also want to use an SSID that in no
way identifies that it is your network (actually, the default "default" used
by some devices works pretty well).

WEP is no good.  It would be nice if CNN would mention the better
alternative, WPA, by name.  All new wireless hardware should support it and
people should only buy those products.  These days, buying something that
only supports WEP does not make sense.

MAC addresses can easily be spoofed and you would not want to protect a
corporate network by merely restricting access to certain MAC addresses.

Turning off DHCP does not help.  In fact, if you're using your laptop on the
road, you need to configure it to obtain its address via DHCP.  The only
time it helps to not use DHCP at home is when you have a wireless
print server or other network devices that you have to connect to by IP
address.  In those cases, you would still leave DHCP on but assign those
devices an IP address below the assignable range.

Finally, the easiest way to keep people off your network is to use WPA with
a long passphrase (say at least 20 letters where one word is not a real
word).  However, this will not shield you from people connecting to your
network over the Internet.  In this case, putting your computer behind a
router helps a lot.

-Yves

> On Wed, 10 Nov 2004 21:25:01 GMT, neillmassello@earthlink.net (Neill
> Massello) wrote:
>
>>
>>> http://www.cnn.com/SPECIALS/2004/wireless/
>>>
>>> An interesting read anyway.
>>
>>Which (predictably) repeats the current myths about wireless security.
>
> Since I'm new to wireless, could you point out which are the myths?  I
> don't mean quote the articles or anything, just which parts of the
> technology they are wrong about.  I'm NOT being a smartass here.  I'm
> really curious.  Thanks, Neill, for any info.
>
> - Sandy
>
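
An added example, not part of the original posts: how a WPA passphrase becomes the network key, plus a check of the "at least 20 letters, one word not a real word" rule of thumb from the post above. WPA-PSK derives a 256-bit key with PBKDF2-HMAC-SHA1 (4096 iterations) using the SSID as salt; the function names and the small word list are assumptions made for this illustration.

```python
import hashlib
import re

MIN_LEN_THREAD_RULE = 20  # "say at least 20 letters" from the post above


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA pre-shared key (hex) from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII only")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    # The SSID is the salt, so the same passphrase gives a different key
    # on every differently named network.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def review_passphrase(passphrase: str, common_words: set) -> list:
    """Return findings against the rule of thumb quoted in the thread."""
    findings = []
    if len(passphrase) < MIN_LEN_THREAD_RULE:
        findings.append("shorter than %d characters" % MIN_LEN_THREAD_RULE)
    words = [w for w in re.split(r"[^a-z]+", passphrase.lower()) if w]
    if words and all(w in common_words for w in words):
        findings.append("every word is a dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample data: a tiny stand-in for a real dictionary.
    common = {"correct", "horse", "battery", "staple"}
    for phrase in ("correct horse battery staple", "correct horse battery zqvlap"):
        print(repr(phrase), review_passphrase(phrase, common) or "ok")
    # Same passphrase, two SSIDs: the derived keys differ.
    print(wpa_psk("correct horse battery zqvlap", "default"))
    print(wpa_psk("correct horse battery zqvlap", "homenet-example"))
```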




Re: CNN website has special on wireless and security
On Wed, 10 Nov 2004 14:01:31 -0800, "Yves Konigshofer"

>OK... Let's start...
>
<great explanation snipped for brevity>

Thank you very much, Yves!  I suspected the DHCP thing was
questionable.

Too bad my Linksys BEFW11S4 doesn't support WPA.  :(

Hmmm...maybe time to upgrade.  :/

Regards,
- Sandy



Re: CNN website has special on wireless and security

> Too bad my Linksys BEFW11S4 doesn't support WPA.  :(

IMHO, Yves exaggerates when he says WEP is no good. It's not as good as
WPA, but it still takes time -- and a lot of network traffic -- to crack
128-bit WEP. If you use a "nonsense" key and change it periodically,
your network should be reasonably safe from all but the most determined
attacker.


> Hmmm...maybe time to upgrade.  :/

Before you upgrade your wireless router, make sure that the wireless
adapters in your computers are also capable of WPA. Older ones may not
be.

There are no absolutes in computer security. It's always a balance of
costs and benefits. Unless you think you're a likely target of serious
snooping, I don't see the need to spend money right away just to get
WPA.



Re: CNN website has special on wireless and security
Sandy A. Nicolaysen wrote:
> On Wed, 10 Nov 2004 14:01:31 -0800, "Yves Konigshofer"
>
>
>>OK... Let's start...
>>
>
> <great explanation snipped for brevity>
>
> Thank you very much, Yves!  I suspected the DHCP thing was
> questionable.
>
> Too bad my Linksys BEFW11S4 doesn't support WPA.  :(
>
> Hmmm...maybe time to upgrade.  :/

Not necessarily. You can protect yourself by other means, depending on
the resources available to you.

If you're always connecting to a corporate network via a Windows server,
you could enable secure connections and/or authentication, or create VPN
tunnels to bridge the wireless network. When properly set up, anyone
breaking the WEP encryption to access your 802.11b subnet will find
themselves lost in a data island where nobody talks to strangers and
there's nothing worth having.

Sort of like trying to break into the bank vault and winding up in
Denny's ...

HTH.

William


Re: CNN website has special on wireless and security

> Since I'm new to wireless, could you point out which are the myths?

The only real security for wireless networks comes from encryption. The
best is WPA, but even weak (40-bit) WEP is better, much better, than no
encryption at all. Once you've enabled encryption (with a key that can't
easily be guessed), you have secured your network from all but serious,
sophisticated hackers willing to spend some time to crack your network.
Such hackers will not be deterred, or even much slowed, by a hidden
SSID, disabled DHCP, or enabled MAC filtering.

SSID, MAC, and addressing can be used to manage access by friendly users
to wireless networks, but they're essentially useless as security
precautions against an attack by an outsider. To use analogies,
encryption is the heavy-duty deadbolt lock on the front door, and the
other measures (SSID, etc) are those little collapsible gates used to
keep Baby away from the stairs.


