NickCoons - 1:18 am on Sep 2, 2004 (gmt 0)

ogletree

<I understand what you are saying but it is not easy for most people.>

I'm not worried about most people, because most people aren't wardrivers :-).

<I don't know why someone would bother it would be easier and cheaper to break into someones house. Any moron can break into your house.>

If someone can break into something without you knowing that it's happen, there's a good chance that it can, or already has, happened.

It's easy to break into a house by smashing a window, but then it's also very difficult to cover your tracks. We do things that are common sense like locking the doors and windows. Without those safeguards, someone could enter your house and you may never know, because they haven't damaged anything. This is the worse kind, because you don't even know that it happened.

When it comes to breaking into a network, it's very difficult to track someone, which means that it's much more likely to happen because they know they probably won't get caught. It's not simply a matter of how easy it is.

This is how things like identity theft work. You feel that your safeguards (MAC ACL alone) are sufficient.. that's probably because you've never seen anyone in your system. That either means that A) your safeguards are good enough, or B) your system is easy to enter without being seen. Why do you assume that it's the former and not even consider the latter?

Again, this is from experience. It is very easy to break MAC ACL and WEP, given that the network has any traffic. Normally someone would not do this. But if open wifi networks are scarce (depends on where you live), or if someone is targetting you specifically (probably not, though the guys that know what they're doing are always the ones that like a challenge), then it won't be passed up for the next AP.

<Turn the firewall on your computer on you are then just as safe as you are on cable modem.>

If you turn the firewall on on an individual workstation, you lose the services that you'd normally have on a LAN, like file and print sharing. If you open ports to allow those services, then you've effectively defeated your firewall, as those are the services that are easiest to exploit. The challenge is to secure the entire network without removing the desired functionality of the LAN.

However, if your machines don't send any to each other, and you have a network solely for the purpose sharing an internet connection, then this may be the way to go.

<Anybody at your ISP or any ISP you travel through can read your emails and watch your traffic.>

Well sure.. but anyone that has any common sense about email isn't going to send something through email that they want hidden or kept secret, because they should know that email is plain text all the way through and inherently insecure. As far as the rest of the traffic, I really don't care that someone at my ISP may be watching me write this message on Webmasterworld.

What I do care about is personal data (social security numbers, credit card numbers, passwords, company documents, etc). None of this is ever done unencrypted. When I access my email remotely (email over IMAP), I do so using SSL.. not because I'm concerned about the privacy of the email, but rather the login credentials to access the email.

Assume that at any time anyone can intercept anything that you send over a network (because they can).. and act accordingly. If you don't care that information leaks out, then that's fine.. just so long as it's understood that it's easier to do than most people think.

SEOMike

<Unless your data is REALLY valueable, just turn off your SSID, use a MAC filter or a WEP, or both.>

Most people that I know have data like credit card numbers or passwords that they don't want anyone to know -- I know I do. To me, that is REALLY valuable data. If anyone disagrees with me, and this information is not valuable, please reply with your detailed banking information :-).

<Most times wardriver will just keep going to the next AP if yours presents any measures that will cause them to spend time breaking in.>

That's true.. I live in a fairly nice neighborhood, and most times if I leave the door to my car unlocked nothing will happen to it. However, I'm not concerned with what will happen most times.. I'm concerned with what will happen every time. I want a 100% failure rate for anyone that tries to get into my network.. not just most times.

It used to be that 10 years ago, even five years ago, people considered computers a novelty item. That's just not true anymore.. they're almost a necessity for many people, like a telephone. And a lot of people are putting important information into their computers. There are more than a few blackhat hackers that know this and are more than willing to take advantage of people that don't understand proper security. It's the "it couldn't happen to me" syndrome.

rbarker,

<My eyes have glazed trying to keep up.>

I love Jeeps.. and I've always wanted one. Several months ago, I finally got my first (1994 Grand Cherokee).. and it had a bit of damage to the CV joints. I don't know much about vehicles.. except how to drive them and fill them with gas (well, a little more than that, but you get the idea). My mechanic told me that the joint would be fine if I didn't do any offroading. Apparently a lot of people drive around with bad joints and don't even know it because they stay on paved surfaces.

A few weeks later, my family and I went camping, and I couldn't resist. Two days later, I heard clunking noises coming from the front of the vehicle. It drove just fine, but I was very paranoid to ride it with the excessive amount of noise it was making. So I took it in.

My mechanic looked at it, he spent some time explaining to me what had happened and what needed to be done and why.. during this one-way conversation I had a look in my eyes very similar to the one you probably had when you read my previous post. The only thing I really remember from the conversation is $1,100. However, he did show me the damage to the joint and it was apparent that it needed fixing.

The moral here is that while many people may not understand the details of how something works, it's a good idea to understand the reason for them. I don't expect everyone in the world to become technical security experts and how to customize syslogd to function on their Linksys WRT. However, I do think it's reasonable to expect, (if not today, hopefully sometime soon), the reason why it's important. Unfortunately, this is a the kind of thing that a lot of people will have to get bitten by before they get it.

<I disconnected security altogether>

I'm sure you've had more than one intruder into your network. Most likely, they've all simply been looking for bandwidth. That's not always the case.

<and bought a 5.8ghz phone>

This was a good move, however :-).