-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Hmm, I just saw that this thread got {SPAM} in it from my post. I've never
even typed it like that... Wonder how it ended up there?]
On Wednesday 31 March 2004 10:51 am, wchast@utilpart.com wrote:
> Andrew M. Hoerter wrote:
> > Well, if you count ssh or stunnel forwarding as a VPN, it needn't be
> > anywhere near as complicated as setting up IPsec.
> >
> > I have a wireless net at home, and here's what I do:
> >
> > a) Turn off SSID broadcasting
> > b) Enable WEP
> > c) Enable MAC address filtering (only permitted MAC addresses can
> > associate)
What really sucks (from a security point) is that it's totally easy to get
NICs with programable MACs. Hell, there's even tools that lets you give out
a different one at your whim.
> > d) Use SSH to access resources on the wired network
> >
> > And, my wireless AP directly connects to a separate interface on the
> > firewall, so that I can easily create a different policy for that
> > network.
That's a really good way of using it.
> > The first three security measures above simply raise the bar a little
> > for a successful attack, d) is what I depend on for true security.
> > Anything sensitive gets forwarded over an SSH link. No complex setup
> > required.
Ssh is such a nice tool.
> > Perhaps a "real" VPN (something like IPsec) would make more sense for
> > a permanent wireless bridge between two wired networks, or something
> > like that, but for home use there's no need to bother.
Ssh really is a real vpn. It's just tailored to be a swiss army knife of
secure communications. It goes through very similar "hoops" as IPsec does.
> I think that you are correct, I would use these same applications for
> a wireline environment. I have been doing wireless data now for
> 30+ years. (back then we called it RTTY or RATT and the speeds were
> 45, 50 and 75 baud. 100 was considered warp speed back then and the
> devices were mechanical tty's like model 15's 19's and 28's) I think
> that because it is like driving on bad highway people are more careful
> but I have found that you will get more trouble on the wired environment
> because people do not realize the screen doored submarines that your
> data rides on over the "wire line" environment, things like microwave
> links, demark cabinets with the lock violated, cable closets with no
> lock on them. You see you do not need to get into the data stream just
> near it (can you say "Tempest"?) to grab the data. All those little
> square waves create quite a ruckus in the near field around the
> conductors carrying them. Fibre is the best bet in terms of radiation
> as it is very clean compared to wire. CRT's are also a gold mine for
> the snooper that knows how to gather the data from the electrical
> field a CRT (your common garden variety non-LCD monitor) and even the
> LCD type devices can generate a racket that would make a spook happy.
> I have a Toshiba laptop that puts out RF noise on several frequencies
> and it will fully quiet a FM radio at 100 feet distance on the right
> frequencies. That noise has the screen data in it, and could be used
> to grab those screens.
>
> Do you use cable as your internet connection, if so your data goes
> into every house off of your node along with yours. (Remember how you
> can see every Windows box that is on your local node if they have
> not blocked that stuff from going out on the internet side of their
> connection?) Secure on any network is what you make it.
>
> ASSUME ALL NETWORK CONNECTIONS TO BE INSECURE AND BUILD FROM THERE.
> Do not be paranoid just remember that regardless of the medium they
> all have the same problems it is just that wireless LOOKS more open.
>
> If you really want to keep it secret you will hand carry the data to
> your recipient. Beyond that just exercise proper caution on any open
> network connection.
>
>
>
> Chuck Hast
Yes, all these electronic devices we use put out a radio frequency that can
and is being used to tap information. The only possible disagrements I have
is that it's not just about protecting your own information. It's also
about not becoming part of someones criminal activities against you and
others. And there's no doubt about how much more insecure WiFi is.
I see the issue being more about a conceptual understanding and philosophy
that reflects a "way of life". I'm not a bit paranoid or worried about
anything. I simply don't worry, it's something I'm not interested in. But I
don't purposfully leave my front door open at night. I take what I consider
normal precautions, which of course is based on my experience.
The fact that cryptogrophy seems esoteric and far out left field, does not
stop the fact that a lot of people can and is using it with ease. Having
hung out with underground hackers as part of my job I can say that our
moral code does not apply to these guys. If you have made it easily
available then they have the right to take/use it. The line of ownership is
gone entirely.
What we (over 40) knew and grew up with is pure kids stuff today. The scene
has changes something dramatic in the last five to ten years. (As of course
it has been doing all along.) My bleeding edge was to write my own printer
driver (there were no printer drivers) and write the code to be able to
stop the floppy drive from spinning when I was done with it. Adjusting the
azimut angle of the head on the floppy drive so it would continue to read
and write the same track was top of the line.
All the kids today grow up with all this new bleeding edge readily available
for free. They are taking advantage of it just like we used to.
Now I don't really have any state secrets on my LAN, but I'd feel very
violated if I found someone had "owned" my systems. Made me part of some
nefarious activity without my knowledge. Or used my resources for their own
criminal gain. And I've never met someone who did not want to immediately
close the "door" someone else used to hack them. Most of those who never
cared too much ended up regretting not having cared enough later.
But like we said before, security is all about tradeoffs.
I love the idea of being able to sit down anywhere with my laptop etc, and
do what I need to. That's really cool! Being hacked and maybe wiped out is
not. Wires are not that bad. (Mind you, I've never even been tempted so I
could end up taking it as a real loss if I could not use WiFI.)
- From my point of view I have a distinct dislike to crime and the value of my
integrity does not match the liabilities...
Last time I simply showed someone what their email password was they freaked
out, and it's in plain text most of the time.
Not entirely on topic but ever so close... Sorry.
- --
Steve
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAa1N/ljK16xgETzkRAjsxAKDRVXwFmImJ6aPaOMrq6RZqTGXVOwCfWYc9
vEA6t6D30OqHCWpW0XQXHUQ=
=wTyK
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:53:22 EDT