[MLB-WIRELESS] Security concerns loom in new wireless world
Paul van den Bergen
paul at serc.rmit.edu.au
Wed Jul 24 17:16:30 EST 2002
this has got to be the stupidest advice I have ever seen. It clearly
demonstraights that the person writing has absolutely no idea about
security protocols or methods, etc. Unfortunately it is not the first
time I have seen it. It looks like a direct reworking of
http://arstechnica.com/paedia/w/wireless/security-1.html
basically this is talking about the SSID, who's purpose (for having a
name) is specifically to identify the network! it is not a password.
hiding it won't achieve any level of security and certainly won't
prevent access once it is know (not to mention most sniffer software
automatically detects it anyway). WEP (inherent weaknesses aside - 40
bit and 128 bit) and IPsec are the only things to secure your network
with! knowing they are on the network does not give automatic entry to
the network. You still have to work hard to break in, esp. IPsec. Then
there are active controls (intruder detection and response) that any
paranoid sysadmin should implement... eg. honeypots, Zone alarm, etc.
Barry Park wrote:
>Crackers become "whackers". *Sigh*
>- Barry
>
somewhat tragic, no?
>Security concerns loom in new wireless world
>
>July 21, 2002
>
>BY HOWARD WOLINSKY
>
>Wireless networks are full of holes that pranksters, criminals and
>terrorists can enter and break into personal information people keep on
>their computers. But home and business users can take steps that go a long
>way toward plugging security leaks.
>
>Security experts advise wireless networkers to throw up as many obstacles as
>possible for "whackers," wireless hackers.
>
>Don't advertise the presence of your network to the world with a name that
>reveals who you are, such as ACME Corp. Network or Smith Family Network.
>Instead, create a name from a meaningless string of letters and numbers. In
>obscurity there is security. Also, don't use the factory default network
>name for a network. For example, a network named "linksys" is a giveaway
>that someone bought equipment made by Linksys. When a factory default name
>is broadcast, it often means the system was taken straight out of the box
>and plugged in, with no security measures put in place.
>
>Roaming the Chicago area with a scanner for a few days, the Sun-Times
>detected 1,064 wireless networks. They were operated by these types of
>organizations:
>
>More at http://www.suntimes.com/output/news/cst-nws-protect21.html
>
>
>
>*********************************************************************************
>This email and any files transmitted with it may be legally privileged
>and confidential. If you are not the intended recipient of this email,
>you must not disclose or use the information contained in it. If you
>have received this email in error, please notify us by return email and
>permanently delete the document.
>*********************************************************************************
>
>To unsubscribe: send mail to majordomo at wireless.org.au
>with "unsubscribe melbwireless" in the body of the message
>
>
--
Dr Paul van den Bergen
SERC, RMIT University
paul at serc.rmit.edu.au
+613 9925 1624 phone
+613 9925 5699 fax
goofey: bulwynkl
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list