[mdlug] WiFi -Woes(?) or Broadcom is 'the' lame
Joseph C. Bender
jcbender at bendorius.com
Sat Dec 1 00:07:29 EST 2007
Michael Newman wrote:
> Why not leave the network open and filter MAC addresses? That would be
> more secure than WPA2 and should allow you to connect freely since the
> protection is all in the router. With the Linksys router it is pretty
> basic to set up. Also, if you leave things open, make sure you change
> the IP address and password on the local router. In college people
> would change SSIDs and passwords just for fun on whatever routers were
> found open.
>
Dear Gods above, no! This is terrible advice.

1. This is massively vulnerable to MAC spoofing attacks.
2. By doing that, it's now possible to sniff everything that's
happening on that network. Any semblance of protection is an illusion.
There is no protection, let alone the router providing it. More
secure? Not even close.

WPA2 + MAC filtering is a better idea. WPA2-enterprise is an even
better idea with full-bore 802.1x on top of it, but most people aren't
going to want to sink that much time into their home networks. *grin*.

WPA2 + AES-CCMP is pretty good, as long as one chooses a nice random
hex string. The issue is that the passphrases most people use really
stink. The thing about WPA(2) was that TKIP was about as bad as WEP
was, and IIRC used the same RC4 implementation. AES-CCMP or nothing.
--
Joseph Bender
Bendorius Consulting
P: 248-434-5580
F: 248-434-5581
jcbender at bendorius com
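
Added example, not part of the original post: the "nice random hex string" point above, worked through in Python. It generates a 256-bit PSK as 64 hex digits and, for comparison, shows the PBKDF2-HMAC-SHA1 mapping (SSID as salt, 4096 iterations) that WPA2-Personal applies to a typed passphrase. The function names and sample values are constructed for illustration.

```python
import hashlib
import math
import secrets
import string


def random_psk_hex() -> str:
    """Fresh 256-bit PSK as 64 hex digits, drawn from the OS CSPRNG."""
    return secrets.token_hex(32)


def classify_key(key: str) -> str:
    """Tell a raw 64-hex-digit PSK apart from an 8..63 character passphrase."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "raw-psk"
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    return "invalid"


def derive_psk(passphrase: str, ssid: str) -> str:
    """Passphrase-to-PSK mapping used by WPA/WPA2-Personal:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    if classify_key(passphrase) != "passphrase":
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()


def max_entropy_bits(key: str) -> float:
    """Upper bound on key entropy, assuming every character was picked
    uniformly at random from the character classes that appear in it.
    Human-chosen passphrases fall well below this bound."""
    kind = classify_key(key)
    if kind == "raw-psk":
        return 256.0
    if kind == "invalid":
        raise ValueError("not a valid WPA2-Personal key")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in key))
    if any(c not in string.ascii_letters + string.digits for c in key):
        pool += 33  # space plus the 32 ASCII punctuation characters
    return len(key) * math.log2(pool)


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(random_psk_hex())
    print(derive_psk("password", "IEEE"), max_entropy_bits("password"))
```

Because the SSID is the only salt, a weak passphrase on a common SSID yields the same PSK everywhere; the 64-hex-digit form skips the passphrase step entirely.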