[Madlug] Wireless security practices

Will Maier willmaier at ml1.net
Wed Jun 13 17:09:35 CDT 2007


On Wed, Jun 13, 2007 at 04:46:54PM -0500, C Belly wrote:
> I set it to use WPA2 Personal. Can anyone tell me what the
> difference between personal and enterprise is? 

Wikipedia has a reasonable summary, I guess:

    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

'Personal' mode is better called 'Pre-shared Key' (PSK)[0] mode. In
PSK, each user enters a passphrase to authenticate against the AP.
Longer and more complex passwords should be harder to crack.

> I gave WPA2 a 63 character random password. I turned off VPN,
> because I don't need it. I changed the default log in password to
> something longer than 12 characters. I changed the router and
> network name. Once I set up the computer I plan to use wirelessly,
> I'm going to look at MAC Filtering, and/or limiting access to
> specific ip addresses. I also turned off universal plug and play
> for the router.

MAC filters are easily circumvented -- see ifconfig(8) (or ethtool
on linux, perhaps). Still, they are sometimes worth the hassle of
keeping them updated. It depends on what you're defending.

> Is there anything else the truly paranoid might want to consider
> security wise?

Paranoia is overrated. Instead, think about what you're trying to
protect and then take reasonable steps to keep your valuables safe.
What are you defending here? Data on your desktop? the wireless
connection itself? your uplink's bandwidth? How valuable are these
things? Are the measures you're putting in place worth the increased
complexity/hassle/risk?

I could take or leave WPA -- I've found VPNs and otherwise encrypted
tunnels to be simpler, more portable ways of protecting my data
(which I care about much more than my home DSL line). Higher-level
stuff isn't always the best choice, but it's often more flexible and
potentially much more secure. Check out something like OpenBSD's
authpf[1] for some ideas.

[0] http://en.wikipedia.org/wiki/Pre-shared_key
[1] http://www.openbsd.org/faq/pf/authpf.html

-- 

o--------------------------{ Will Maier }--------------------------o
| web:.......http://www.lfod.us/ | email.........willmaier at ml1.net |
*------------------[ BSD Unix: Live Free or Die ]------------------*



More information about the Madlug mailing list