Wireless security (was Re: [Wolves] PDAs - a vague question)

Ron Wellsted wolves at mailman.lug.org.uk
Sat Aug 30 12:28:00 2003

On Saturday 30 August 2003 11:57 am, Jono Bacon wrote:
> Heya 'me old peeps,
> This is a good point. I went out recently with my Mac
> detecting wireless LANs in my area, and there were a
> fair few with no WEP enabled. The point is - can I
> connect legally? I didn't because I don't know enough
> about it.
> Incidentally, next on my shopping list is a GPS
> receiver, because you can then go out wardriving and
> it will plot the location and size of the WLAN on a
> map. If you drive down every road in Wolves, your WLAN
> map is complete. There is also a WLAN in the center of
> Wolves with no WEP - but I am not suggesting you
> connect.
>   Jono

WEP itself is almost useless as the encryption is too weak.  It is far better 
to secure the WAP to only allow connections by the MAC address of the allowed 
adapters; this is much more effective at stopping unwanted usage.  Even better 
to firewall the WLAN and use an IPSEC VPN with full X509 authentication to 
tunnel out to the 'net.

<rant>The biggest problem is the "it does what it says right out of the box" 
requirement for everything when that is not always appropriate.  MSBlaster, 
Sobig et al could not have worked if the "features" they exploited were 
disabled by default and had to be explicitly enabled.  When you buy a TV or 
VCR, you have to set it up and tune in to the local stations.  OK, some 
people stop at this point so the clock flashes 12:00 for the rest of time, 
but they have done the minimum required to get it to work.  So why can't M$ 
do the same? Because they don't want to support what they sell? Because they 
know just how bad their code is?

Setting up a LAN is a non-trivial task and a WLAN is even more complex.  It 
was interesting to see the number of so-called "network administrators" 
bleating that they "can't close port 135" on their "firewalls" because "it 
will stop remote workers accessing the exchange server".


God, I feel better for that!

