[MLB-WIRELESS] Evangelism

grenville armitage garmitage at swin.edu.au
Thu Feb 6 12:32:31 EST 2003


Kym Michael wrote:
	[..]
> 7) How big a problem is security with wireless computer set-ups? What can
> be done to make them more secure?

Very.

A useful analogy is that running an 802.11b network out of the box
is like plugging a long run of cat5 into one of your home LAN router's
ports, hanging the free end out your window, and letting anyone standing
out on the street plug in to your home LAN.

Running 802.11b with WEP enabled is like hanging aforementioned cat5 out your
window, putting a lock-box around the plug at the free end, and letting
passers-by attempt to pick the lock at their leisure. If you don't change
your WEP key relatively frequently someone will eventually open the lock-box 
and plug into your home LAN network. [*]

However, WEP is insecure because it is insecure, not because its wireless.
Traffic encryption is always an improvement if you can keep your keys
safe, or change them often. Given that most average consumers have the
choice of WEP or no 'security' at all, this means additional security must be
applied at higher layers - IP (IPsec VPN tunnels) or application level
(e.g. ssh, ssl, etc...)

Use or discard these words as you see fit....

cheers,
gja

[*] Actually the situation is slight worse, because passers-by can
record all your WEP-protected traffic for later decoding even after you
change your WEP key. So even if they can't inject packets _into_ your home
LAN at the time, people can certainly gather data today that might be used
against you weeks or months down the track.

-- 
Grenville Armitage
http://caia.swin.edu.au

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list