JD. Brown wrote:
I've got a Linksys here at home, as well ... WRT54G, and the wireless in it is limited with a 128 bit encryption. Of course, it's not the best in the world and a good hacker would be able to get in in about an hour, but then I don't have that much "wireless" activity, that I really need to worry, even if I were running the Pentagon here :)
They "could" get in. In about an hour, only if you left your Linksys WRT54G with the factory defaults and you were running open ports on your computers.
I do agree that 128 bit could be turned up a lot more; but for the most part it's not easily deciphered "just like that!". It takes work, a lot of work with a very, very fast PC and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously.
A wardriver can do a lot of damage if you leave your wireless router wide open. Not only to your computer(s), but to some company and using your network for the damage.
Limiting access by IP ... not too secure
Agreed, a very bad idea!
The way I see it, a real hacker is likely to be more tempted to break into a safe, than he is in entering the closet. So, a "safe" is only partial security as it will "draw" the attention of those interested in the breaking. Thus, the way I see it ... physical security is much more important than other types. Breaking up the network, and having proper firewalls and bridges that will limit physical access according to needed security levels.
You can never have enough layers of security. Networking is like an Art and Science. Education is key here. Read, read, read!
JD
In my scenario, which is in Silicon Valley, I have 16 people at any one time using my wireless access point. There are over 5 wireless networks within my area (probably neighbors and such). Many of them are using Linksys. The older Linksys models are reliable, but my newer VPN router has nothing but problems. It offers more security (WPA and in-filter for MAC addresses), but it is not so reliable. When I activate even WEP, 50% of the household cannot connect, and when I activate in-filter, one person cannot connect. So, it is problematic, and because of this, I have to allow the whole freakin' neighborhood to my network. :'(
Fortunately, I have been getting a few of these EPIA motherboards (mini-ITX mobos) to help slice up my network, while at the same time save on the electric bill. Before, I had many machines exposed to the neighborhood, but now, I'll have only one web server exposed, while everything else will be hiding behind another firewall. I'll play around with everything, safe and unsafe, but in the long run, I'll find the best most secure solution. IMHO, one just has to be knowledgeable, and migrate to more security without too much sacrifice of convenience.
Oh by the way, after looking at OpenAFS, I found that there's a Windows version. This might be pretty cool if Windows works well with AFS, as this would be the most secure, until NFS w/ Kerberos authentication works, or alternatively, use SAMBA3 with Kerberos (don't know what's involved with that route though).
-- joaquin