Saturday, September 16, 2006

Wireless Security Revised

There have been talks and talks about Wireless Security but what does the average user know and, more importantly, what does he apply?

Last night I logged in a popular technology forum. It's one of those places where users talks with users and help each other.

A while ago there was a talk (in another forum) I participated in which examined whether forums are the new generation of information or just Unreliable Gossip 2.0. From one point of view, forums allow and promote freedom of speech. Anyone from anywhere may say what he/she has to say. No borders, no boundaries and no censorship. On the other hand, that uncontrollable model of information is susceptible to the "psychology of the group". This means that rumors can easily spread, facts can be twisted and ultimately have dozens or hunders or thousands of people misinformed (I might say deceived) just because "everybody else thinks so". That's the problem right there.

When it comes to critical user-to-user advice, how sure can one be he's getting the right info?

Now, let's get back to the popular technology forum and yet another Thread on Wireless Security. A lot of people in there consider WEP secure, some suggest disabling DHCP and applying a hidden SSID setting and the majority considers MAC Filtering as an effective action. Of course the above will only keep out of a Wi-Fi Network users with the same intellectual level as the ones proposing them. Then again such users don't attack other networks. If they are lucky, when they turn on the computer, it will automatically associate to a network and get an IP through DHCP. Determined attackers on the other hand may penetrate these protective measures in no time.

That's why I consider these tips more dangerous and harmful than any malicious hacker.

The reason is they provide a false blanket of security. Most of these people think "if user1 and user2 suggest them, it's ok". Then, these people, when asked by others to contribute, will replay the same false information as if it was their own, completing an endless loop. Finally a more literate user mentioned WPA/WPA2. That's pretty good unless you use a common dictionary word or name as your Pre-Shared Key.

To sum up, it has been my intention to illustrate the present situation among "user communities" on (wireless) security issues. I would never trust (or at least accept "as-it-is") information from Bob235 or PurpleBeast (the names are fictional), why would you?

1 comment:

Weird AL said...

That's a very big problem!Usually the people that give advices in a general forum, have not as many knowledge as they should have.
My recomendation would be to search forums that are made specially for the advice you might want...
General talk forums is like a cafe. Everyone can go there and say whatever they want. But specialized is like a rock bar, only rockers go, and they know what ROCKS!

Weird AL