CNN website has special on wireless and security

Archived from groups: alt.internet.wireless (More info?)

http://www.cnn.com/SPECIALS/2004/wireless/

An interesting read anyway.

- Sandy
7 answers Last reply
More about website special wireless security
  1. Archived from groups: alt.internet.wireless (More info?)

    Sandy A. Nicolaysen <sandynic@verizon.net> wrote:

    > http://www.cnn.com/SPECIALS/2004/wireless/
    >
    > An interesting read anyway.

    Which (predictably) repeats the current myths about wireless security.
  2. Archived from groups: alt.internet.wireless (More info?)

    On Wed, 10 Nov 2004 21:25:01 GMT, neillmassello@earthlink.net (Neill
    Massello) wrote:

    >Sandy A. Nicolaysen <sandynic@verizon.net> wrote:
    >
    >> http://www.cnn.com/SPECIALS/2004/wireless/
    >>
    >> An interesting read anyway.
    >
    >Which (predictably) repeats the current myths about wireless security.

    Since I'm new to wireless, could you point out which are the myths? I
    don't mean quote the articles or anything, just which parts of the
    technology they are wrong about. I'm NOT being a smartass here. I'm
    really curious. Thanks, Neil, for any info.

    - Sandy
  3. Archived from groups: alt.internet.wireless (More info?)

    OK... Let's start...

    First, it's missing the major error of not changing the default password.
    Most people just connect their wireless router or access point and that's
    it. I wonder if anyone has ever uploaded modified firmware onto someone
    else's router.

    Then, there's the turn off SSID broadcasts part. Doing so will make it very
    difficult to connect to your network under Windows XP when using the
    built-in wireless service. In addition, turning off SSID broadcasts makes
    it more difficult to choose broadcast channels that do not overlap with
    other wireless networks.

    There's the "not changing the SSID means an intruder can access your network
    and the contents of your hard drive, including any personal data" part.
    That's not the case if you are have properly set up your firewall and/or
    have password protected network access to your computer. In addition,
    changing your SSID does not at all prevent people from accessing your
    network or computer. Ideally, you would also want to use an SSID that in no
    way identifies that it is your network (actually, the default "default" used
    by some devices works pretty well).

    WEP is no good. It would be nice if CNN would mention the better
    alternative, WPA, by name. All new wireless hardware should support it and
    people should only buy those products. These days, buying something that
    only supports WEP does not make sense.

    MAC addresses can easily be spoofed and you would not want to protect a
    corporate network by merely restricting access to certain MAC addresses.

    Turning off DHCP does not help. In fact, if you're using your laptop on the
    road, you need to configure it to obtain its address via DHCP. The only
    time it helps to not use DHCP at home is when you have a wireless
    printerserver or other network devices that you have to connect to by IP
    address. In those cases, you would still leave DHCP on but assign those
    devices an IP address below the assignable range.

    Finally, the easiest way to keep people off your network is to use WPA with
    a long passphrase (say at least 20 letters where one word is not a real
    word). However, this will not shield you from people connecting to your
    network over the Internet. In this case, putting your computer behind a
    router helps a lot.

    -Yves

    "Sandy A. Nicolaysen" <sandynic@verizon.net> wrote in message
    news:6b25p05rn4tl5gs5j30d41b9c621u2cq54@4ax.com...
    > On Wed, 10 Nov 2004 21:25:01 GMT, neillmassello@earthlink.net (Neill
    > Massello) wrote:
    >
    >>Sandy A. Nicolaysen <sandynic@verizon.net> wrote:
    >>
    >>> http://www.cnn.com/SPECIALS/2004/wireless/
    >>>
    >>> An interesting read anyway.
    >>
    >>Which (predictably) repeats the current myths about wireless security.
    >
    > Since I'm new to wireless, could you point out which are the myths? I
    > don't mean quote the articles or anything, just which parts of the
    > technology they are wrong about. I'm NOT being a smartass here. I'm
    > really curious. Thanks, Neil, for any info.
    >
    > - Sandy
    >
  4. Archived from groups: alt.internet.wireless (More info?)

    Sandy A. Nicolaysen <sandynic@verizon.net> wrote:

    > Since I'm new to wireless, could you point out which are the myths?

    The only real security for wireless networks comes from encryption. The
    best is WPA, but even weak (40-bit) WEP is better, much better, than no
    encryption at all. Once you've enabled encryption (with a key that can't
    easily be guessed), you have secured your network from all but serious,
    sophisticated hackers willing to spend some time to crack your network.
    Such hackers will not be deterred, or even much slowed, by a hidden
    SSID, disabled DHCP, or enabled MAC filtering.

    SSID, MAC, and addressing can be used to manage access by friendly users
    to wireless networks, but they're essentially useless as security
    precautions against an attack by an outsider. To use analogies,
    encryption is the heavy-duty deadbolt lock on the front door, and the
    other measures (SSID, etc) are those little collapsible gates used to
    keep Baby away from the stairs.
  5. Archived from groups: alt.internet.wireless (More info?)

    On Wed, 10 Nov 2004 14:01:31 -0800, "Yves Konigshofer"
    <yvesk@sStTaAnNfFoOrRdD.edu> wrote:

    >OK... Let's start...
    >
    <great explanation snipped for brevity>

    Thank you very much, Yves! I suspected the DHCP thing was
    questionable.

    Too bad my Linksys BEFW11S4 doesn't support WPA. :(

    Hmmm...maybe time to upgrade. :/

    Regards,
    - Sandy
  6. Archived from groups: alt.internet.wireless (More info?)

    Sandy A. Nicolaysen <sandynic@verizon.net> wrote:

    > Too bad my Linksys BEFW11S4 doesn't support WPA. :(

    IMHO, Yves exaggerates when he says WEP is no good. It's not as good as
    WPA, but it still takes time -- and a lot of network traffic -- to crack
    128-bit WEP. If you use a "nonsense" key and change it periodically,
    your network should be reasonably safe from all but the most determined
    attacker.


    > Hmmm...maybe time to upgrade. :/

    Before you upgrade your wireless router, make sure that the wireless
    adapters in your computers are also capable of WPA. Older ones may not
    be.

    There are no absolutes in computer security. It's always a balance of
    costs and benefits. Unless you think you're a likely target of serious
    snooping, I don't see the need to spend money right away just to get
    WPA.
  7. Archived from groups: alt.internet.wireless (More info?)

    Sandy A. Nicolaysen wrote:
    > On Wed, 10 Nov 2004 14:01:31 -0800, "Yves Konigshofer"
    > <yvesk@sStTaAnNfFoOrRdD.edu> wrote:
    >
    >
    >>OK... Let's start...
    >>
    >
    > <great explanation snipped for brevity>
    >
    > Thank you very much, Yves! I suspected the DHCP thing was
    > questionable.
    >
    > Too bad my Linksys BEFW11S4 doesn't support WPA. :(
    >
    > Hmmm...maybe time to upgrade. :/

    Not necessarily. You can protect yourself by other means, depending on
    the resources available to you.

    If you're always connecting to a corporate network via a Windows server,
    you could enable secure connections and/or authentication, or create VPN
    tunnels to bridge the wireless network. When properly setup, anyone
    breaking the WEP encryption to access your 802.11b subnet will find
    themselves lost in a data island where nobody talks to strangers and
    there's nothing worth having.

    Sort of like trying to break into the bank vault and winding up in
    Denny's ...

    HTH.

    William
Ask a new question

Read More

Wireless Security Internet Wireless Networking