Mailing List os2-wireless_users@2rosenthals.com Archived Message #4493 previous message next message back to list

From: Orest Skrypuch <os2-wireless_users@2rosenthals.com> Full Headers
Undecoded message
Sender: os2-wireless_users-owner <os2-wireless_users-owner@2rosenthals.com>
Subject: OS/2 Wireless Users List: Still Don't Ge
Date: Thu, 31 Jul 2003 15:05:16 EST5EDT4,M4.1,M10.5
To: os2-wireless_users@2rosenthals.com

Charles McCallister wrote:

Jonas, PMJI, but: > MAC?  Why do you need that for?  I've tested all those > cards over here  (black ones @ > http://www.os2warp.be/index2.php?pageid=2&sub=9) and I > never needed to mess up with that thing... I was curious when I saw you mention this. I'm thinking that to limit
access  to one's WAP you would limit usage to certain MAC addresses of
those machines  you would allow, rejecting any others. Is this not correct?
The reason I ask  is that is exactly what I am planning to do, allow only
one MAC address, the  one to my Thinkpad. Also, I confirmed yesterday with my WAP manufacturer's technical representative (2Wire) that there 1000SW model does allow configuration for
cloaking of the SSID that is transmitted so no one else can find it. Would
you  (or others) speak to this?

Charles,

IANAE, but have been doing a lot of reading on the whole security side of thing of wireless. I'd love to hear the opinons of some of the knowledgeable folks here on this ...

The way I see it, you DO NOT want anything sensitive running on wireless without seperate $oftware based security such as VPN. No way that I'd run NetBios on wireless. If you are needing only TCP/IP access for broadband in a residential setting, probably OK, as anything important there (credit card numbers, etc.) will be cloaked in SSL, and I don't think anyone would really care to know what you a googling, nor is private email likely to be of real interest. For that all you need is plain 802.11b, plenty of bandwidth.

In answer to your questions, you should suppress broadcasting of your SSID, and you should limit access to certain MAC IDs, but your SSID and MAC address (MAC ids can be simulated) are easily ferrited out by listening in on active transmissions. Your WEP codes (even 128 bit) can be learned in a few short days using AirSnort or the like.

So a determined hacker could easily get into your data stream if they wanted to.

At present, other than software security on top of your data stream, your best defence is having nothing of value there.

* Orest


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

To unsubscribe from this list, send a message to
steward@2rosenthals.com with the command
"unsubscribe os2-wireless_users" in the body
(omit the quotes).

For help with other commands, send a message
to steward@2rosenthals.com with the command
"help" in the body (omit the quotes).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster