[Leaplist] an ipcop question

Hank Lambert hank at hanklambert.com
Wed Dec 17 07:32:19 EST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Aaron Morrison wrote:
>
> WPA with RC4 (the default) is generally good enough given a good
> pass phrase (pre-shared key).  As a side note, AES takes more
> computational power to generate the keys, so not all devices can
> keep up.
I use WPA with AES, TKIP is too insecure. The only device I have that
has problems with AES is my Mac G4, so I stuck a WAP on it's Ethernet
port and it connects to the ritter in bridge mode.

>
>
> MAC filtering and SSID hiding is not security.  At best it's a form
> of authentication which is not the same thing.  Any sniffer will
> reveal that information (instantly).
>
> And as you have experienced Bryan, hiding SSID can cause
> compatibility issues with some devices.  I do use MAC filtering
> mainly to prevent the drive-by associations, however.
>
> --am
>
I seem to do OK with the SSID off. Again, the Mac refused to play
friendly, but it is the only one. I know that disabling the SSID and
mac filtering isn't security, it's just another road block. If someone
stumbles across my network, I hope to have enough things in play to
make them want to move on to the next. My best guess is that if
someone really wants into my network, the SSID and mac filtering can
be overcome in minutes. And WPA has recently been cracked as well.
That is the reason I have been planning on moving my ritter to the
blue interface of the IPCop machine. I was thinking that if they got
onto my wireless network and it is on the blue, they would still have
the IPCop box to deal with. Is my thinking correct? I don't know
enough about the blue interface to know, but if all it does is provide
mac filtering for the machines, then that doesn't provide any further
security.

- --Hank

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJSPFSBEC44ZbTPXERAvHIAJ9QzDLkOMXtmFp1nc4GV/H5EU+BkACglDSN
uGg+vpxGLOl9V61V8bYxmJ8=
=GyfN
-----END PGP SIGNATURE-----


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Leaplist mailing list