NickCoons - 5:08 pm on Sep 1, 2004 (gmt 0)
<Can you expand on the security issues that you see so that those of us less wireless savvy have a good understanding of what to do and what not to do?>

The other security features are things like WEP, which is known to be easy to break. Someone needs only to listen to your network and collect about half a million packets of data to be able to crack the WEP key and get into the system. Collecting this many packets can take anywhere from 15 minutes to several days depending on how much traffic your wireless network produces.

Using a combination of MAC filtering and WEP is a good idea, IMO, as it provides two layers of security. These are mainly deterrents for someone trying to break into an arbitrary network and will often cause them to move on to the next. WEP takes a little bit of processing power, but all of your equipment should be able to handle it without noticeable slowdown.

If you're looking for additional security, you'll want to set up something that is higher level like a VPN. Take a look at OpenVPN... it's available for download at Sourceforge and is cross-platform. The Linksys WRT boxes are basically little computers running Linux. Linksys has opened up all of this code to the GPL, and so the source is also available from their website. You can compile and install your own customized firmware onto these boxes, including OpenVPN, which will give you security that's equivalent to that of an SSL or SSH connection.

If you don't want to get into recompiling firmware, then the next best option is to set up a Linux box on your network as an OpenVPN server that will act as your wireless gateway. All wireless traffic is forced through this server, and this server only passes traffic that comes in through the VPN connection. OpenVPN supports either OpenSSL or a shared secret key.

SlyOldDog,

<But is your info really that valuable?>

Most people's info is more valuable than they think, unless they don't care about identity theft :-).
ogletree,

<If you have broadcast SSID off and use MAC address security there is no way for a wardriver to break into your system without a tremendous amount of effort parked outside your house.>

It's actually much easier than that. While your AP is not going to broadcast itself, your SSID is going to be included in the header of every packet that your wireless network transmits. A wardriver would know your SSID the instant that your wireless network is used. And even if you're using WEP, the SSID is included in the unencrypted portion of the header. So even with WEP turned on and broadcast turned off, the SSID is readily available. This, however, assumes that you're using something like Kismet (on Linux), which will be able to get the SSID from packets sent on the network. Netstumbler (on Windows), AFAIK, cannot.

<You have to be real careful with "computer guys" very few of them have real training and base most of their statements on things they have heard or most of the time just made up. I have been in the IT industry since 97 and have known a lot of high paid idiots. Very few people in the industry have a clue of what they are doing. Basic IT is so easy that anybody that makes the smallest effort can figure it out. They and people around them think they are experts in the field.>

I've been around the computer industry for a long time and I would have to agree with you completely.

<I was trained by Cisco on wireless technology and have read a lot of stuff on it.>

I'm basing my statements on my own experiences with wifi over the past five years (I've done all of these things that I'm talking about).
pageoneresults,