RE: {SPAM?} Re: [SLUG] Linux and 802.11g cards

From: wchast@utilpart.com
Date: Wed Mar 31 2004 - 10:51:03 EST


Andrew M. Hoerter wrote:
> On Tue, 30 Mar 2004, Kat wrote:
>
>> time. Back to the point of discussion- security. After
>> reading several articles about this subject, it seems
>> that my only real option if I am paranoid (which I'm
>> not, really) or if I access hot spots (which I don't)
>> would be a VPN -
>
> Well, if you count ssh or stunnel forwarding as a VPN, it needn't be
> anywhere near as complicated as setting up IPsec.
>
> I have a wireless net at home, and here's what I do:
>
> a) Turn off SSID broadcasting
> b) Enable WEP
> c) Enable MAC address filtering (only permitted MAC addresses can
> associate)
> d) Use SSH to access resources on the wired network
>
> And, my wireless AP directly connects to a separate interface on the
> firewall, so that I can easily create a different policy for that
> network.
>
> The first three security measures above simply raise the bar a little
> for a successful attack, d) is what I depend on for true security.
> Anything sensitive gets forwarded over an SSH link. No complex setup
> required.
>
> Perhaps a "real" VPN (something like IPsec) would make more sense for
> a permanent wireless bridge between two wired networks, or something
> like that, but for home use there's no need to bother.

I think that you are correct; I would use these same applications for
a wireline environment. I have been doing wireless data now for
30+ years. (Back then we called it RTTY or RATT and the speeds were
45, 50 and 75 baud. 100 was considered warp speed back then and the
devices were mechanical TTYs like Model 15s, 19s and 28s.) I think
that because it is like driving on a bad highway, people are more careful,
but I have found that you will get more trouble on the wired environment
because people do not realize the screen-doored submarines that your
data rides on over the "wire line" environment: things like microwave
links, demarc cabinets with the lock violated, cable closets with no
lock on them. You see, you do not need to get into the data stream, just
near it (can you say "Tempest"?), to grab the data. All those little
square waves create quite a ruckus in the near field around the
conductors carrying them. Fibre is the best bet in terms of radiation
as it is very clean compared to wire. CRTs are also a gold mine for
the snooper that knows how to gather the data from the electrical
field of a CRT (your common garden variety non-LCD monitor), and even the
LCD-type devices can generate a racket that would make a spook happy.
I have a Toshiba laptop that puts out RF noise on several frequencies
and it will fully quiet an FM radio at 100 feet distance on the right
frequencies. That noise has the screen data in it, and could be used
to grab those screens.

Do you use cable as your internet connection? If so, your data goes
into every house off of your node along with yours. (Remember how you
can see every Windows box that is on your local node if they have
not blocked that stuff from going out on the internet side of their
connection?) Secure on any network is what you make it.

ASSUME ALL NETWORK CONNECTIONS TO BE INSECURE AND BUILD FROM THERE.
Do not be paranoid; just remember that regardless of the medium, they
all have the same problems; it is just that wireless LOOKS more open.

If you really want to keep it secret, you will hand-carry the data to
your recipient. Beyond that, just exercise proper caution on any open
network connection.

Chuck Hast
-------------------------------------------------------------------------
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:50:10 EDT