Re: [NTLK] WEP vs Airport

From: E. Male (mrramsay_at_hotmail.com)
Date: Wed Apr 23 2003 - 10:22:54 PDT


Jim,
Thanks for that reply. I, too, will be setting up a wireless network
(Newton, ibook, Airport) soon, and have been reading a white paper on
802.11b vulnerabilities called "Hacking The Network". Good paper, but I'm
glad you put your explanation plainly.

Kudos,
Doug

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Newtonium-62: The Newton Messagepad Nanospace
http://www.geocities.com/newtonium62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>From: "Jim Anderson" <jiman_at_microsoft.com>
>Reply-To: newtontalk_at_newtontalk.net
>To: <newtontalk_at_newtontalk.net>
>Subject: Re: [NTLK] WEP vs Airport
>Date: Wed, 23 Apr 2003 10:11:49 -0700

><snip>
> I just set up my own wireless network a couple of weeks ago, and
>I did a bunch of reading up on wireless security. The gist is that the
>main reason you want to close your wireless network is to prevent random
>folks from using your internet connection to send spam or download nasty
>pr0n. Since most wireless APs run wide open (no WEP key, no white list
>of MAC addresses), any security you add to yours will make you a much
>less attractive target than the guy down the street. Seriously. I took
>my Powerbook to work on the bus a few times, and just sat their running
>Kismet and watching all the open APs pop up.
> The general consensus on WEP is that it isn't a particularly
>good form of encryption. Any size WEP key can be found by sampling
>enough packets (the bigger your WEP key, the more packets), but this is
>basically just an inconvenience to a dedicated cracker. Setting up a
>white list of MAC addresses like you did is much better, especially if
>your AP just ignores any packets from a MAC address it doesn't allow (I
>don't recall if airports do this). If you turn off SSID broadcasting (I
>also don't know if you can do this with an airport), more the better.
> Basically, securing your AP is just a matter of making it really
>inconvenient to crack. If you disable SSID, wardrivers won't see it. If
>you use a MAC address white list, someone will have to figure out your
>white list and spoof a MAC address to even connect. Using WEP means that
>they'd then have to capture packets for a while before they could use
>your wireless network. The more of these things you do, the more
>inconvenient you make it for people to try and crack you.
> Personally, I think just using a MAC address white list like you
>do is probably plenty. If I was having problems getting the various
>devices to play nice with WEP, I'd just skip it and stick to the white
>list.
> The other half of wireless security involves securing your AP
>itself against crackers. If it supports remote administration, you might
>want to either disable it, or set it to be accessable only to your
>private network. Definitely set an admin password. If you don't do this,
>then someone could bypass all your nifty security by changing your
>airport settings themselves!
>
> What I did for my own network was to set up the AP as a dumb hub
>sitting behind my existing firewall, responding to IP addresses in my
>private network IP space. Remote admin is set to only be accessible from
>the private network, and has a strong password. The AP uses 128 bit WEP
>(if I was using it as a router, I'd prolly use a MAC white list like you
>do instead), and broadcasts a non-default SSID (for me, turning this off
>was too inconvenient). I don't use DHCP, and I've specified a white list
>of private IP addresses that are valid to the firewall. While this isn't
>terribly secure, it's better than 90% of the APs I've seen in the
>neighborhood, so it's probably good enough. I could do more, but I don't
>want to make it too inconvenient for me to use. The way it's set up now,
>my Powerbook can automatically see it and connect when I wake it up.
>
> Hope that helps,
>Jim Anderson

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/


This archive was generated by hypermail 2.1.5 : Wed Apr 23 2003 - 11:00:00 PDT