[MLB-WIRELESS] How not to go war driving....

[paul van den bergen]

On Mon, 24 Nov 2003 10:56 am, Ryan Abbenhuys wrote:
> I liken WEP to a clublock.  A deterrent more than anything.
>
> >this is the bit that worried me... I presume he is taking about WEP....
>
> which
>
> >we all know is worse than no security at all, right?

I re-itterate... "which we all know is worse than no security at all, right?"

:-)


while I'm sure we have had this discussion before, WEP is bad because it gives 
a false sense of security... 

128 bit WEP can be trivially broken within an hour or 2.  quicker for 
particular implementations with implementation flaws, etc.
48 bit within minutes.

the information transmitted can be recorded encrypted and then broken later - 
including password /username pairs, bank account details, whatever... no need 
to get an hours worth of traffic, there are other weaknesses that allow 
decryption.

so, secure your network properly. starting with individual machines. denigh an 
attacker a logon and they can't really do much can they? implement IPSEC on 
wireless connections, ssh, etc. 

or put up with some attacks.  e.g. rate limit your uplink, etc.



-- 
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen at swin.edu.au
IM:bulwynkl2002
"And some run up hill and down dale, knapping the chucky stones 
to pieces wi' hammers, like so many road makers run daft. 
They say it is to see how the world was made."
Sir Walter Scott, St. Ronan's Well 1824 


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message