Re: Secure wireless

[Chris Blouch]

I understand that there is no 'uncrackable' security so I'm left with 
what would be a reasonable security/usability tradeoff. While the lock 
on my front door might not provide much protection against a pro thief, 
an amateur who wiggles the knob and finds it locked might move onto 
easier prey. Likewise, I'm not exactly working with state secrets on my 
home network, I just want to have some level of security to keep bored 
nosy people out. The most dangerous stuff I do is maybe some online 
banking. Everything else would just be boring low-value data to a would 
be thief. Probably the main benefit would be to keep somebody from 
sponging off my internet for free. I just wasn't sure if doing MAC 
address white listing was useful or just a waste of time.

CB
Scott Bresnahan wrote:
Hi, Sean,
I'd say the better analogy is like locking your doors at night, but 
leaving your windows open for some fresh air.  I personally use only 
MAC security without encryption.  WEP and WPA won't stop a true 
hacker.  I want to keep honest people honest.

In addition, if one did spoof a MAC address, and you had two devices 
on the network with the same MAC, routing would go bonkers.  Not to 
mention, he'd have to be in close proximity to my house.


My physical security is more easily breached.  Break the ethernet wire 
outside my house and tap in.

--Scott





A hacker could just spoof your Mac addresses and cloan it so when he 
logs on your router would think it's actually your white listed 
device. That goes for cell phones, printers, NAS and other devices 
like TIVO's and any other connected wireless device. This is bad, 
very bad. You are basically saying the screen door is closed but the 
main door is open.
On Jun 20, 2008, at 1:41 PM, Esther wrote:

 Hi Chris,

 You wrote:
 Has anyone tried just using MAC address whitelisting instead of 
all the
 WPA WEP etc? That's what I do at home. I have no
 encryption/authentication stuff on my wireless router. Instead I 
have an
 allow list that only accepts connections from machines that have a
 specific MAC address. If you're not familiar, every network device 
has a
 sort of serial number burned into them by the manufacturer. It's a 6
 byte string and every manufacturer gets a block of them to use. Most
 routers will let you use this for access control on a whitelist (at
 least my Linksys does). Seems to work for me but maybe I'm opening
 myself up for issues.?

 There's an old (2003) article on the O'Reilly site titled:
 "Dispelling the Myth of Wireless Security"

 http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/

 where the author tested cracking into his own (Mac) network which
 he set up as closed (no broadcast SSID), WEP-encrypted, and 
MAC-filtered
 wireless network.

 The SSID discovery was near-instantaneous.  The MAC-filtering crack
 took only seconds, the WEP crack took longest, but was also doable.
 (This was back in 2003, remember).  I use WPA encryption.

 This also reminds me that I wanted to pass on to David (who probably
 knows this already), that extending WPA encryption on wireless 
networks
 that are running with Windows machines (XP), may need you to
 run a couple of Fixes (on XPSP2): KB917021(Wireless Client Update),
 and KB893357 (to upgrade to WPA2 capability)

 http://support.microsoft.com/kb/917021
 (KB917021)


http://www.pcworld.com/downloads/file/fid,30721-order,1-page,1/description.html 

 (KB893357)

 Of course, this may be old information with XPSP3 out.  Gee, I'm
 glad I don't have to do anything with XP!

 CB

 David Poehlman wrote:
 actually, I cannot get ae and netgear to communicate under wep.
 WPA works.
 This is dismaying news but I am using Macs with my wpn82-v2 just 
fine.  I am
 not able to do all things with it using the Mac but certainly i can
 configure it in windows and then use the AE to stream my audio.  
I am
 pondering a new router at any rate since I have growing needs.

 ----- Original Message -----
 From: "Esther" <[EMAIL PROTECTED]>
 To: "General discussions on all topics relating to the use of Mac 
OS X by
 theblind" <discuss@macvisionaries.com>
 Sent: Thursday, June 19, 2008 3:03 PM
 Subject: Re: summary of progress to
 date:Re:HowtosetupAirTunesStreamingwithan

AirPortExpress(long)[wasRe:AirPortStreaminginiTunes[wasRe:NavigatingwithVO+arrowkeysandalternatives[wasRe:voiceoverquestion]]] 



 Hi David,

 I'm still surprised about the difficulties using your AirPort 
Express joined
 to
 your NetGear router when you use WPA encryption, since you've been
 able to get it working under WEP.  However, today's MacInTouch 
reader
 report about "Mac Marginalization" had some dismaying news about
 NetGear's future support (or lack thereof) plans for the Mac:


http://www.macintouch.com/readerreports/macmarginalization/index.html#d19jun2008 

 (MacInTouch Reader Reports: Mac Marginatlization)

 <begin excerpt>
 I have a very nice NetGear Router, an FR114. So, wanting a 
wireless router,
 I bought a NetGear WNR834M. It was very nice, and very fast, 
although it
 would only accept ten expressions in the "block these sites" 
feature,
 whereas the old one I had would accept an unlimited number.
 BUT - although I was able to store the router configuration 
settings, I was
 completely unable to restore them!

 Worse, I was also unable to upgrade the firmware, leaving me 
stuck with the
 original version (there have been FIVE upgrades published since the
 original).

 I contacted tech support for NetGear. They replied promptly 
(although they
 insisted on phone communication instead of the email that I prefer).
 Unfortunately their reply was, incredibly, that those two 
features, upgrade
 and setting restoration, were supported *only using Windows*!
 Moreover they stated that they had no plans to ever support the 
Mac - or
 Unix of Linux for that matter!
 <end excerpt>

 Cheers,

 Esther

 On June 16, 2008, at 06:11AM, David Poehlman wrote:

 Hi Tim,

 I reset it with the reset button and plugged it into the cabel 
modem.  The
 address is dhcp and dynamic so once it found the ae, my modem 
allowed me to
 connect to the internet and I was able to access the ae from all 
of my
 computers with a security of none.  I was able to use airtunes 
just fine.
 I
 went through the setup and chose join a wireless network, web 
128-bit which
 is what I am trying now due to device constraints.   It failed 
to come back
 once the settings were updated.  I am really at a loss now but 
there is one
 more thing I might try.  I was able to set up my printer 
wirelessly so do
 not understand why the AE will not come back after being updated.

 ----- Original Message -----
 From: "Tim Kilburn" <[EMAIL PROTECTED]>
 To: "General discussions on all topics relating to the use of 
Mac OS X by
 theblind" <discuss@macvisionaries.com>
 Sent: Monday, June 16, 2008 9:09 AM
 Subject: Re: summary of progress to date:Re: How
 tosetupAirTunesStreamingwithan AirPort Express

(long)[wasRe:AirPortStreaminginiTunes[wasRe:NavigatingwithVO+arrowkeysandalternatives[wasRe:voiceoverquestion]]] 



 Hi David,

 * When you connect the AE directly to the cable modem, did you mean
 that the AE would not broadcast properly?

 * Was that with a fresh configuration of the AE?

 * Do you have a static or dynamic IP with your ISP?

 Later...

 Tim Kilburn
 & Carter the Canine
 Fort McMurray, AB Canada