[nycbug-talk] How secure: wireless + ssh?

Chris Clymer chris
Mon Dec 26 14:39:10 EST 2005


On Friday 23 December 2005 12:59 pm, Isaac Levy wrote:
> Hey All,
>
> On Dec 23, 2005, at 12:48 PM, Trish Lynch wrote:
> >>> Most access points will allow you to setup filters on the MAC.
> >>
> >> Many OS's allow you to change your MAC.
> >> --
> >
> > Yes, but you still have to guess valid macs, right? guess thats
> > firly easy while sniffing.
> >
> > seriously its just another minor layer, but it won't help keep
> > someone from sniffing the wireless.
> >
> > Why use WEP? use WPA, it addresses the issues with WEP.
>
> WPA is definately nicer than WEP, but it's still crackable (and in
> some instances, requires less wireless packet capture to perform a
> successful crack than WEP even):
>
> http://wifinetnews.com/archives/004428.html
>
> "Both the WPA and 802.11i documentation recommend a minimum 20-
> character password. Unfortunately, this small tip is buried in a lot
> of highly technical information, and therefore unavailable to the
> typical SOHO user."
> http://www.informit.com/articles/article.asp?p=370636&rl=1
>
> --
> If it's something you care about, change passphrases often- it's
> quite effective dealing with WEP/WPA crack threats, as they both
> simply take time to actually crack the keys.
>

You'd better be changing those keys quickly.  These days WEP is apparently 
crackable in 10 minutes or less:  
http://www.notestips.com/80256B3A007F2692/1/TAIO-6D7E4B

WPA I have been consistently hearing isn't as much better as some of us have 
thought:  http://www.informit.com/articles/article.asp?p=369221&rl=1

The original responders had the best method for securing wireless:  don't.  
Secure your own transmissions over it with proven technologies like SSH and 
VPN.  Put your wireless access point on a different network segment from 
everything else, treat it like a leper.  Make your own decisions for how 
locked down your network needs to be, but always assume that your wireless 
access point is as untrusted as a connection could possibly be.

The bottom line is that a lot of people rely heavily on ssh and vpn technology 
for a lot of important things, and if attackers find ways of defeating 
popular implementations of either, theres a lot more to worry about than just 
secure wireless.  With more at stake, one presumes that a better job is being 
done to secure them.  On the other hand, very few people are making serious 
attempts to secure wireless itself.  Its a losers game...the serious security 
people are just using the same ssh and vpn stuff they've been using 
everyplace else...or else they don't install WAP's to begin with.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.nycbug.org/pipermail/talk/attachments/20051226/3c36a483/attachment.bin 



More information about the talk mailing list