Tim wrote:
> Many of the other posters covered several points on what I'm about to
> say, but I'll summarize my thoughts briefly.  I've done a number of
> wireless penetration tests in the past and I keep up with many of the
> cryptographic details related to the current protocols.
>   
<snip>
> Here's what I recommend for security:
>
> - Forget about signal strength and when it might drop off.  This only
>   stops people who don't have big antennas.
>
> - Don't bother with WEP.  It's essentially completely broken in
>   multiple ways.
>
> - Avoid WPA1 if you can.  It's a badly designed protocol with elements
>   of backward compatibility from WEP.  It's not totally broken yet,
>   but there are certain attacks and published tools out there.
>
> - WPA2 (specifically CCMP) should be solid.
>
> - Be sure to pick a network SSID which is not common.  Then pick a
>   good password for the network.  In order to brute-force a password
>   with WPA, one needs to incorporate the SSID into the process, so
>   precomputation attacks on your network can be thwarted by picking an
>   uncommon SSID.  (In other words, don't leave it as "linksys" or
>   something like that.)
>   

I don't imagine mine is common, but it's not totally odd. On the other 
hand, I've turned off SSID broadcast, so the average guy running around 
in my neighborhood won't see it, anyway.

> - If your AP software doesn't support WPA1/2, then consider
>   firewalling off access and only allow routing via OpenVPN.  It's
>   quite good and not terribly difficult to set up.
>
>
> Hope that helps Richard and anyone else with a wireless network.

Thanks. I'll incorporate your ideas into my setup.


-- 
Regards,

Dick Steffens
 

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
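
The point in Tim's list about the SSID being part of the WPA password computation, shown as an added example that is not part of the original thread: WPA/WPA2-Personal derives its key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so the same passphrase yields unrelated keys on differently named networks. The function names, the short default-SSID list and the sample values are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs; not an authoritative list.
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink"}


def wpa_pmk(passphrase, ssid):
    """Derive the WPA/WPA2-Personal pairwise master key (PMK).

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid_bytes, 4096, 32
    )


def audit_ssid(ssid):
    """Return findings for an SSID that weakens the salt's protection."""
    findings = []
    if ssid.strip().lower() in COMMON_SSIDS:
        findings.append(
            "SSID is a common default: key tables precomputed for this "
            "name apply to the network as-is"
        )
    return findings


if __name__ == "__main__":
    passphrase = "correct horse battery staple"  # constructed sample
    # Same passphrase, two SSIDs: the derived keys share nothing, so work
    # done in advance against one network name is useless against the other.
    for ssid in ("linksys", "plug-example-7f3a"):  # second name is made up
        print(ssid, wpa_pmk(passphrase, ssid).hex())
        for finding in audit_ssid(ssid):
            print("  finding:", finding)
```

The salt only defeats work done in advance for a specific network name; the strength of the passphrase still decides how a targeted guess at one network fares.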
