Heres what I understand :-
Actually you left off the one best and most secure way, that's to do VPN (Virtual Private Network) over wifi.. Works fine with most cards/PDA's etc. You can actually combine them.. (IE have both an unsecured/minimal security node, with a (or multiple) VPN at the same time) Works great with both.. Have an open/min sec one for doing very little, and a VPN (on the same node) for secure stuff.
WPA can be cracked (or so I have heard, but it would take a lifetime to crack it!)
WEP on the other hand is a little easier to crack.SSID and MAC is all well and good but WPA/WEP is the key security thing here.
Harry
Tis my understanding that VPN only affects layer 3 protocol, therefore wireless layer 2 is still open for sniffing. My guess is that VPN in combo with WPA would be the best but mucho overhead. Correct me if my meager understanding is comatose.
That's my understanding too, however, if you are using a VPN client, the packets themselves are sent by layer two but are encrypted before being sent, and if you are REALLY paranoid (most of my clients make a regular paranoid look like a liberal), you can double encrypt (IE use WPA *AND* VPN... oh wait.. you suggested that too....never mind )
Taking a moment's reflection, snipped-for-privacy@gmail.com mused: | | Heres what I understand :- | | 1. Even if you turn SSID off, there are tools out that can scan for it.
True.
| 2. If you turn WEP encryption on, there are tools that can crack that.
True.
| 3. If you turn MAC accdress filtering on, there are tools to scan for | MAC addresses which can be ghosted.
True.
| 4. Final option - WPA encryption. Any good or can this also be cracked?
If using WPA-PSK (pre-shared key) WPA is susceptible to a brute force "dictionary" attack ... where the would-be hacker just tries phrase after phrase to try and get in. However, with a long and strong key, this will be difficult to impossible depending on the fortitude of the hacker. But, WPA is not vulnerable in the way that WEP is.
Don't be paranoid using your wireless network. Even though everything
you stated is true, you must remember that snoopers and would-be
hackers look for the easy target. No one wants to spend a great deal
of time trying to break into a network especially when gaining access
to the internet is the main focus. Unless there is something specific
to gain, many hackers won't waste their time trying to crack your
encryption. Having said that, enable encryption. WPA is preferred and
use a LONG nonsense passphrase / encryption key. If all you have is
WEP, change your encryption key at least once a week. You should be
fine. Disabling SSID broadcast, MAC filtering, etc. are just extra
layers of security that can be manipulated, if there is a strong desire
to do so.
everything
specific
My initial post is in response to a discussion that I've been having with a colleague.
My employer is keen that our site is very secure and, as such, there are no wireless networks at all. My colleagues arguments are those that I presented initially, although my argument was (as some have confirmed here) that a wireless netwrok can be virtually uncrackable.
In that case, consider a VNP server/client combo in addition to the simple stuff above.... Check them out at
In reference to your reply, VPN is indeed the way to go. It was my
assumption by your initial post that you were talking about a typical
home network. I'm sorry about that. Take care.
Taking a moment's reflection, snipped-for-privacy@gmail.com mused: | | My employer is keen that our site is very secure and, as such, there | are no wireless networks at all. My colleagues arguments are those that | I presented initially, although my argument was (as some have confirmed | here) that a wireless netwrok can be virtually uncrackable.
Bear in mind that nothing is uncrackable ... especially when "users" are involved. People can be tricked into give others access to even the most secure networks.
Everything can be cracked. The only sure thing is to disconnect your network from the internet. But realistically WHO would want to crack YOUR system? Who has time to scan and crack 80 million systems? What are your chances of being a victim? Pretty slim.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.