[rescue] speaking of WEP

Devin L. Ganger devin at thecabal.org
Thu Sep 7 23:09:32 CDT 2006


Bill Bradford wrote:

> Surely I'm not the only one who only runs 64-bit WEP at home?
>
> (so I can remember the passphrase)
>
> If anybody's dedicated enough to break the key and sniff the
> traffic, all they're going to see is SSH anyway....

Depending on the amount of traffic passing over the AP, even 128-bit WEP
is trivial to break with modern tools.

I use WPA2 now for all of my WiFi needs, and my next step is to put the
AP on a separate DMZ off my firewall. If anyone does break it, they
still can't get out onto the Internet, because they won't have the
credentials necessary to initiate a VPN connection into my internal
network.

Disabling SSID broadcast is pointless -- it's not a security measure in
any sense of the word -- and MAC filtering is also pointless (not to
mention more of a bother with legit users than with the bad guys). I'm
still trying to decide if I want to bother with 802.1x.

My goal is to have a self-service website that comes up when someone
connects to my WLAN without the right certs. If they have a user
account, they can log in and get them. This makes it easier for friends
to hop on my WLAN without requiring me to open up the internal network
to them. Their creds will give them access out to the Internet and
that's all.

--
Devin L. Ganger <devin at thecabal.org>
Devin on Earth: http://blogs.thecabal.org/blogs/devin/


