Wireless router

Useful as always.

-Russ.

Reply to
Somebody.

Correct, we're dealing with a different definition of intruders. I was dealing with what I saw as the original poster's environment. Dedicated targeted attackers will of course blow right through WEP, as I acknowledged in another post.

-Russ.

Reply to
Somebody.

I said it's "often unstable to the point of unusability". In the last 3 months, I've tried 3 separate WAP devices for a particular implementation: one was brand new, one was 5 months old, one was 1 year old; 2 were entry level, one was not. All needed tweaks to firmware to run WPA with sufficient options for devices to be able to match their configurations. Then I tried 6 devices, ranging in age from 2.5 years old to 1 month old. 2 didn't support WPA (PDAs) and all but the oldest device needed new drivers. One of the laptops (3 month old Dell) never did work right. And one of the WAPs rebooted itself randomly.

To me, that qualifies as "often unstable".

You say I'm wrong.

Fine. Suit yourself. I tried WEP and had all 6 devices and all 3 WAPs working perfectly in under an hour. No hiccups, no reboots, everybody talks.

-Russ.

Reply to
Somebody.

I think "Done Right" was just in reference to the fact that you can have IPSec run with weak ciphers, improperly protected keys, and easily guessed properties. IPSec in and of itself isn't always secure unless it's implemented correctly. There isn't any particular difference in running it over wireless vs not running it over wireless.

Mind you, if the wireless device is also a router, it needs to understand how to deal with protocol 50, but that's to do with the router, not the fact that it uses wireless on one interface.

And yes, you can avoid the problems I described by setting things up correctly, hence the "dependent on many factors" proviso -- but it's easy enough to have a PC, running IPSec, that is open to many other compromises whilst the tunnel is open. If the network interface is unencrypted wireless, even casual passers-by have a shot at poking at the PC for open ports and services.

-Russ.

Reply to
Somebody.

Well, all that wouldn't be a problem in my way of Doing IPsec Right. Good to know it actually works the way I think it does, though.

Joachim

Reply to
jKILLSPAM.schipper

This is the reality of the market, especially consumer/soho/home. I wonder how many large scale/enterprise wireless deployments have implemented WPA-only networks. The ones I know of did not choose WPA due to compatibility problems and support issues it would cause.

Reply to
DigitalVinyl

Sad, but true. Despite what Volker thinks.

The good news is it will probably get sorted out sooner or later -- probably just in time for WPA to get cracked. :-)

-Russ.

Reply to
Somebody.

Much more useful than your claims.

VB.

Reply to
Volker Birk

Hm... then I cannot see anything that can be seen as a fact in what you stated here.

Why aren't you calling on people to use Caesar's cipher then, i.e. ROT13? The "casual attacker" will not be able to "crack" this either, will he?

I can only see two possibilities:

Moaning and whining about old hardware or b0rken software, which does not implement WPA very well, and using WEP because of a "better ROT13 than nothing" feeling (which is completely misleading, but understandable as an excuse), or implementing communication securely.

There is nothing in between.

Yours, VB.

Reply to
Volker Birk

Ah, you just tried b0rken hardware, and you detected that it was b0rken. I will put a candle into my window for you.

Yours, VB.

Reply to
Volker Birk

DigitalVinyl wrote: [b0rken WPA hardware]

I'm using hardware from Asus, Linksys and Apple. No WPA problems to detect at all.

Besides the fact that there are VPNs, ssh, SSL, ...

Yours, VB.

Reply to
Volker Birk
