This is in response to Brian Krebs and his excellent work for the Washington Post.
Anyway, I figured the post would disappear in a few days so I'm putting it here. I might start doing more of these...
Hi again, just a quick follow-up.
As has been noted, the fundamental 802.x protocols make MAC addresses visible.
The solution which has not been specifically noted for secure wireless
is to define friendly traffic by IP address, and to drop everything else (everything) on the floor.
Easier said than done, but eminently worthwhile.
One problem I have with WEP is that it slows stuff down as well as being trivially crackable,
not because I or anyone else is that smart, but because the tools are easily accessible to do it.
I do this because I can and I know how, but implementing this for home systems is both
commercially and educationally impractical.
You are essentially causing events to happen based on a model of expected traffic appearing
on possible points of entry to and from your network.
The difficulty is that we don't live in the world of 30 years ago when it was expected that
computer owners would want to learn to tell the machines what to do.
Computer owners are largely passive and see the devices as extensions of entertainment
domains, not as controllable subservient systems.
To be able to get a complex system like your computer to do exactly what
you want in a verifiable, repeatable and predictable way requires patience and
dedication; perseverance isn't generally a trait of those seeking quick entertainment
in my view, and is unlikely to suddenly manifest itself spontaneously.
You are sold easy, fast and cool, not complicated, difficult, challenging and frustrating.
There are thousands of people who can fix TVs, and program effective firewalls.
There are many millions of people who just want to get their entertainment.
It's incumbent on the programmers to use that opportunity to develop a drop in,
easy solution to wireless security.
Porting over my solution to a commercial $50 NAT router which would set itself up with a
few questions might not make anyone more than a few bucks in a typically
undemanding security marketplace.
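
The "define friendly traffic by IP address and drop everything else" approach described above, sketched as an added example that is not part of the original post and is not the author's own solution. It assumes a Linux router using iptables; the interface name wlan0 and the 192.168.1.x addresses are constructed.

```shell
#!/bin/sh
# Added example: build a default-drop iptables-restore ruleset from a list of
# "friendly" IPv4 addresses. wlan0 and the 192.168.1.x hosts are constructed.

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_rules IFACE IP... : print the ruleset, or print nothing and fail
# if any address is malformed (no half-built allowlist is ever emitted).
build_rules() {
    iface=$1; shift
    [ "$#" -gt 0 ] || { echo "no friendly addresses given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "malformed address: $ip" >&2; return 1; }
    done
    # Policy DROP: anything not matched below falls on the floor.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -i $iface -s $ip/32 -j ACCEPT" \
                      "-A FORWARD -i $iface -s $ip/32 -j ACCEPT"
    done
    # Record (rate-limited) what the expected-traffic model rejected.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "unfriendly: "' \
                  '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "unfriendly: "' \
                  'COMMIT'
}

# Constructed sample: two friendly laptops on the wireless interface.
build_rules wlan0 192.168.1.10 192.168.1.11
```

The output is in the format iptables-restore reads. A source address is asserted by the sender, so the allowlist narrows what the router will answer rather than authenticating who is talking.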