Klarinet Archive - Posting 000120.txt from 2005/07
From: "Woodwind" <woodwind@-----.com>
Subj: RE: [kl] Re: Identity Theft
Date: Fri, 08 Jul 2005 00:12:22 -0400
> 1) Spoofing the MAC address of a computer on the network that
> has access is easy. You just wait for one legitimate packet
> to be sent, sniff it, and use that MAC address. Takes all of
> a few seconds.
> 2) Cracking the WEP key is possible with readily available
> free software in an average time of five to ten minutes.
> I would strongly urge anyone relying on wireless security to
> use the more secure WPA standard. It's newer and so less
> widely supported, but every new router I've seen supports it.
All true. My point was simply that if you at LEAST do that much, you have
made it less attractive to the casual cracker type. If someone is THAT
serious about getting onto your network, even WPA may not be enough to stop
them - you do realize that cracking software for WPA has been available
since last year? Unless you're using 802.1x so that each user has their own
WPA key, WPA really isn't that much more secure than WEP anymore.
> > Amen! While a determined person could possibly hack into your Wi-Fi
> > network even when you've locked it down, the reality is if you do a
> > reasonable amount of due diligence with regard to securing
> it, most won't bother. Why?
> > Because half-a-dozen other wireless networks in your neighborhood
> > probably aren't locked down, or not locked down well
> enough. Unless
> > the bad person specifically wants something from YOUR
> computers, he'll
> > go try the unsecured network half a block away.
> That argument only works if your neighbours have unsecured networks.
> As more people realise that their networks are unsecured,
> more people will use WEP. I strongly urge anybody considering
> using WEP not to believe that it gives them any more security
> than a sign on their front door saying "Please don't come in".
> Use WPA.
While it's true that more people are using secured networks, most people are
not using multiple security layers. They are choosing one mode to secure
and thinking they are safe. While there's no denying that there are plenty
of crackers out there who could potentially go after your system, in most
cases, they won't bother if there's easier pickin's around. If you've used
multiple layers of security, chances are really good there will be easier
My point is that you should use multiple forms of security. That includes
ensuring that EVERY user on EVERY computer has a strong password, and that
this password MUST be entered to access the machine. When possible, user
accounts should use "least privilege" - that is, for most work on the
machine, use an account without administrative privileges, and only log in
as administrator for tasks which require it (easier said than done, I know -
many games are designed poorly in that they can't run in non-administrative
accounts, for example). Don't assume that because you have one line of
defense (a firewall) that you are 100% safe behind it.
Secure any business, financial, or identity theft potential records either
on a machine that's not connected to the internet, or in removable storage,
or at the very least, encrypted and password protected.
Hmmm, anyone know a good secure way to encrypt and password protect my
Klarinet is a service of Woodwind.Org, Inc. http://www.woodwind.org