Message-ID: <3F296862.8080809@rogers.com>
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.4) Gecko/20030624
MIME-Version: 1.0
References: <200307311305_MC3-1-4561-A12C@compuserve.com>
In-Reply-To: <200307311305_MC3-1-4561-A12C@compuserve.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 31 Jul 2003 15:05:16 EST5EDT4,M4.1,M10.5
Sender: os2-wireless_users-owner <os2-wireless_users-owner@2rosenthals.com>
Reply-To: os2-wireless_users@2rosenthals.com
From:  Orest Skrypuch <os2-wireless_users@2rosenthals.com>
To:  os2-wireless_users@2rosenthals.com
Subject: OS/2 Wireless Users List: Still Don't Ge

Charles McCallister wrote:

>Jonas, 
>
>PMJI, but: 
>
>
> > MAC?  Why do you need that for?  I've tested all those 
> > cards over here  (black ones @ 
> > http://www.os2warp.be/index2.php?pageid=2&sub=9) and I 
> > never needed to mess up with that thing... 
>
>
>I was curious when I saw you mention this. I'm thinking that to limit
>access  to one's WAP you would limit usage to certain MAC addresses of
>those machines  you would allow, rejecting any others. Is this not correct?
>The reason I ask  is that is exactly what I am planning to do, allow only
>one MAC address, the  one to my Thinkpad. 
>
>Also, I confirmed yesterday with my WAP manufacturer's technical 
>representative (2Wire) that there 1000SW model does allow configuration for
> cloaking of the SSID that is transmitted so no one else can find it. Would
>you  (or others) speak to this? 
>

Charles,

IANAE, but have been doing a lot of reading on the whole security side 
of thing of wireless. I'd love to hear the opinons of some of the 
knowledgeable folks here on this ...

The way I see it, you DO NOT want anything sensitive running on wireless 
without seperate $oftware based security such as VPN. No way that I'd 
run NetBios on wireless. If you are needing only TCP/IP access for 
broadband in a residential setting, probably OK, as anything important 
there (credit card numbers, etc.) will be cloaked in SSL, and I don't 
think anyone would really care to know what you a googling, nor is 
private email likely to be of real interest. For that all you need is 
plain 802.11b, plenty of bandwidth.

In answer to your questions, you should suppress broadcasting of your 
SSID, and you should limit access to certain MAC IDs, but your SSID and 
MAC address (MAC ids can be simulated) are easily ferrited out by 
listening in on active transmissions. Your WEP codes (even 128 bit) can 
be learned in a few short days using AirSnort or the like.

So a determined hacker could easily get into your data stream if they 
wanted to.

At present, other than software security on top of your data stream, 
your best defence is having nothing of value there.

* Orest


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

To unsubscribe from this list, send a message to
steward@2rosenthals.com with the command
"unsubscribe os2-wireless_users" in the body
(omit the quotes).

For help with other commands, send a message
to steward@2rosenthals.com with the command
"help" in the body (omit the quotes).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=