REDUCING Range

A good example and it has an easy answer. If person A is using WPA with a strong passphrase, their data are secure. If person B is using WPA with a strong passphrase, their data are also secure.

Why do you believe when data are encrypted, that the range the data are transmitted has anything to do with data security?

Reply to
Pat Henry
Loading thread data ...

So, you are saying that common sense should tell me that a WPA data packet is safe if it attenuates into oblivion at my front lawn, but it is unsafe if it floats into Ye Olde Cyber Cafe & Hack Shoppe down the block.

Please, using common or any other sense, tell my why this is so?

Rôgêr wrote:

Reply to
Pat Henry

Roger, you are right. Any security system is only as strong as it's weakest link. In my past post I mentioned this ... "WPA is secure as long as you use a long pass phrase with high entropy."

If you are using WPA the correct way, i.e. a passphrase with 64 bits or more of entropy, then 5ft or 500 mi makes no difference.

Rôgêr wrote:

Reply to
Pat Henry

You are right. I had no clue that the further an encrypted signal travelers from it's source, the more insecure it becomes.

Well, here is a clue for you. The number of people who receive an encrypted packed is irrelevant. The number of processors that are working on cracking the packet is very relevant.

Rôgêr wrote:

Reply to
Pat Henry

Because he seems to be able to use common sense. This is not about a determined hacker, but a casual passerby, as he said. If his range reaches out into a public parking lot or the local teen center, I'd say he would be less likely to get hacked if he reduces the range to the size of his own yard.

Reply to
Rôgêr

Just in case your argument is that with WPA his network is secure no matter if he reaches around the world or only 5 feet:

formatting link

Reply to
Rôgêr

You seem to pretty clue resistant, so I'll talk slowly. To reduce exposure to hostile activities, it is prudent to reduce the amount of area covered. You honestly, honestly think if you covered the entire area of southern California that the risk of intrusion would be equal if the coverage area were only a back yard?

I'm not arguing against encryption nor any other security measures. I'm only stating that yes indeed, if you have only a slight chance of an advanced wireless user finding your signal that you are safer than if your signal is out there for anyone and everyone to take a whack at it.

Reply to
Rôgêr

I still do not understand the rational of why reducing the power output

> of the router, disabling SSID, or enabling MAC filtering will secure a > WiFi network. >

Who said it would. I will use every pratical tool available to make the

network as secure as possible.

I will attempt to explain the reason to you for reducing the range of

Wi-Fi router:

If the area I need to cover is only say 50 meters, why have a system

that can reach a couple of hundred meters? It won't stop a determined

hacker but 'passers by' will have less chance of detecting the network

which can only help make it more secure.

Take it to extremes. Person 'A' Has a wireless network that has a range

of 10Km and person 'B' has a network that has a range of 10m. Who will

be at greater risk from a hacker?

Reply to
Entropy1024

Okay, we disagree and I don't suppose it will hurt either of us very much to leave it that way. Your sarcasm is noted and I appreciate someone with a sense of humor. No, a packet traveling further doesn't become intrinsically less secure. It's the exposure to more people who may be trying to hack the signal that I've been posting about. In a way, you seem to agree to some extent with the statement that the number of processors working on it is relevant. To me, bigger area = more possible processors working on it.

Reply to
Rôgêr

Well, there is a bit of truth to the premis that more signal leads to less security. However, it has to do with the power from the client radios, not the access point. Sniffing and logging the access point traffic can be used to extract the WEP/WPA key. However, once that's accomplished, the interesting traffic comes from the client radios, not the access point. If I wanted to extract a login/password pair, it would need to come from the client radio, not the access point. Same with SSL key exchanges, and authentication exchanges. If I wanted to spoof the MAC address, I could get the client MAC address from the access point transmissions, but the TCP sequence numbers have to come from the client radio in order to do session hijacking. Therefore, I suggest that the power output of the client radios is also an issue and that effective wireless hacking requires hearing both the access point and the client radios.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.