[Ma-linux] WEP, WPA, etc

[Serge Wroclawski]

On Sun, Jun 24, 2007 at 09:03:28PM -0400, Theodore Ruegsegger wrote:

> As it happens I was concerned about my home network since I'm happy to
> say that CSC's is someone else's responsibility.

Sorry, I assumed you were talking about a buisness or organization. 
There's a vast difference (to me) between the two.

In a buisness, the internal network has "secrets", or at the very least, 
network available resources.

A home doesn't work the same way- the secrets reside mainly on the 
computers accessing the network. The other "resource" is the bandwidth 
itself.

In this scenario, if I cared, I'd probably use the encyption that the 
hardware supported. House guests aren't as demanding as visiting 
executives.

As for the poor security of the wireless encryption- it's a matter of 
perspective.

If someone wants to use my bandwidth and they're willing to break the 
encryption, as long as it's not execssive, I won't notice. If they're 
going after my machine, then they'll find there isn't much to go after; 
my home network has very few services running between hosts.

I'll openly admit that my home setup is not equiped to defeat a well 
organized attack, but then, my door has two locks, but I only use one of 
them.


As for your other question about the VPN- the VPN is a bastion host- 
that is a host we place specifically outside our security domain and 
harden as much as possible. At that point, we're at the mercy of the 
application to provide decent security- but this is the same security 
hazard we run when we use SSH or any other program of this type.

- Serge