arstechnica.com— Sometimes you don't need to know everything about wireless to secure a home or home-office network; you only need to know what's important.
Apr 30, 2008View in Crawl 4
Really at the consumer level for a home, just password protect. Really WPA2 along with a few of those tricks is the only effective deterrent to an actual attack and it's both complicated to set up and has impact on network performance.The underlying point being the only way one WOULD attack your network would be to be within range of it, and for the most part the only people in range of your network that you could fear are neighbors interested in stealing your wifi.As far as security goes? It's not like I'm going wardriving, parking in front of someone's house and breaking WEP just to sit there sniffing random packets HOPING for a credit card or soc number. It's simply not cost effective.WPA2 however would have limited affect if, again, we were dealing with a dedicated neighbor who wanted to hack your network, it would only be a matter of time.Thus, for your home, just password protect it. Anything else would be erroneous or ineffective depending on the scenario. Obviously the rules are different for businesses and places running public networks, but for the home, really it's not worth the effort.
I buried your comment (for the statement that WPA2 is realistically hackable, because it's not), but there was one concept in your post that is on the right track, and that is the idea of defense in depth. By this I do *NOT* mean things such as SSID hiding and MAC address filtering, but rather things like a software firewall on your computer. Using WPA on your router won't protect your system when you connect your laptop to someone else's network. Also, malware could get into one of the systems on your network through some other means, and if that happens you want your other systems protected from that. So, the general idea of defense in depth is definitely a good idea to keep in mind.As for the questioning of what person would want to crack your home network, who says that it's a person? It's entirely possible that a neighbor (for example) could unknowingly have malware on their system, and that malware could be trying to do something with your network.
Yes, but as someone who majored in computer engineering, while I may have studied how to implement AES encryption at one time, I'm not always very adept at explaining these basic things to a general audience. This will be a great guide to send, say, my dad, and is good to know for that reason. I'd imagine that IT guys at small companies who are still trying to get their superiors to approve a budget for a non-WEP security policy at their place of work might have similar needs.Also, as mentioned elsewhere, this article is clear and accurate. I've met many, especially older, people in the tech industry who have lots of knowledge picked up since school but its a bit more cloudy than it probably should be.
Expanding the locked front door analogy:My firewall is like a locked front door and my open wifi is like the front lawn with no fence.People shouldn't walk across my front lawn but there's nothing stopping them and I don't mind if a few do walk on my lawn as long as they don't kill the grass. If it turns out that some inconsiderate bozo is going to abuse my front lawn enough to damage the grass, then and only then I will put up a WPA fence.
> Using WPA on your router won't protect your system when you connect your laptop to someone else's networkCorrect and there needs to be more publicity about the need for mobile users to use secure tunnels or VPNs. The real fertile ground for hackers isn't home routers, it's the wide-open computers in every Internet cafe.Me, I run a secure VPN on my laptop that at least hides my network traffic from anyone on the coffee shop LAN. I didn't even want to buy an iPhone until I found the VPN services for it.
Closed AccountApr 30, 2008
Really at the consumer level for a home, just password protect. Really WPA2 along with a few of those tricks is the only effective deterrent to an actual attack and it's both complicated to set up and has impact on network performance.The underlying point being the only way one WOULD attack your network would be to be within range of it, and for the most part the only people in range of your network that you could fear are neighbors interested in stealing your wifi.As far as security goes? It's not like I'm going wardriving, parking in front of someone's house and breaking WEP just to sit there sniffing random packets HOPING for a credit card or soc number. It's simply not cost effective.WPA2 however would have limited affect if, again, we were dealing with a dedicated neighbor who wanted to hack your network, it would only be a matter of time.Thus, for your home, just password protect it. Anything else would be erroneous or ineffective depending on the scenario. Obviously the rules are different for businesses and places running public networks, but for the home, really it's not worth the effort.
Closed AccountApr 30, 2008
I buried your comment (for the statement that WPA2 is realistically hackable, because it's not), but there was one concept in your post that is on the right track, and that is the idea of defense in depth. By this I do *NOT* mean things such as SSID hiding and MAC address filtering, but rather things like a software firewall on your computer. Using WPA on your router won't protect your system when you connect your laptop to someone else's network. Also, malware could get into one of the systems on your network through some other means, and if that happens you want your other systems protected from that. So, the general idea of defense in depth is definitely a good idea to keep in mind.As for the questioning of what person would want to crack your home network, who says that it's a person? It's entirely possible that a neighbor (for example) could unknowingly have malware on their system, and that malware could be trying to do something with your network.
kibibytebrainApr 30, 2008
Yes, but as someone who majored in computer engineering, while I may have studied how to implement AES encryption at one time, I'm not always very adept at explaining these basic things to a general audience. This will be a great guide to send, say, my dad, and is good to know for that reason. I'd imagine that IT guys at small companies who are still trying to get their superiors to approve a budget for a non-WEP security policy at their place of work might have similar needs.Also, as mentioned elsewhere, this article is clear and accurate. I've met many, especially older, people in the tech industry who have lots of knowledge picked up since school but its a bit more cloudy than it probably should be.
edmcguirkMay 1, 2008
Expanding the locked front door analogy:My firewall is like a locked front door and my open wifi is like the front lawn with no fence.People shouldn't walk across my front lawn but there's nothing stopping them and I don't mind if a few do walk on my lawn as long as they don't kill the grass. If it turns out that some inconsiderate bozo is going to abuse my front lawn enough to damage the grass, then and only then I will put up a WPA fence.
Closed AccountMay 11, 2008
@Ledwolf555;You would have to turn a sensible debate into a stupid "hur hur diggers get no sex lulz", wouldn't you?
awhileagoJun 10, 2008
Certainly can be done as a fun project, but I wouldn't recommend it for someone without a lot of free time.
bosskeySep 14, 2008
> Using WPA on your router won't protect your system when you connect your laptop to someone else's networkCorrect and there needs to be more publicity about the need for mobile users to use secure tunnels or VPNs. The real fertile ground for hackers isn't home routers, it's the wide-open computers in every Internet cafe.Me, I run a secure VPN on my laptop that at least hides my network traffic from anyone on the coffee shop LAN. I didn't even want to buy an iPhone until I found the VPN services for it.
jjmtechApr 7, 2009
We only provide WPA2 as a wireless security option to our clients as we have successfully hacked WPA in our offices, it's suprising how many people still use WEP or even open authentication!<a class="user" href="http://www.JJM-International.co.uk">http://www.JJM-International.co.uk</a>