>From: Julian Bond <[EMAIL PROTECTED]> >Date: Fri, 15 Nov 2002 18:10:24 +0000
>Now maybe I'm missing something here, but what really puzzles me about >all this is the belief that a wireless connection can ever be as secure >as a wired connection. And even more than that, that a wired connection >can be treated as implicitly secure. We all use SSL, SSH, VPNs and such >like to access important systems one the internet. Why don't we just do >the same when accessing the same systems over wireless? Well, I do. >It seems as hough the thinking got stuck somewhere that we don't >need to use encryption inside the firewall and when we started using >WiFi we just assumed that we'd be able to do the same thing. Then >when WiFi was exposed as inherently insecure we threw our hands up >in horror at what we'd done and blamed WiFi. My wireless net (here at home) is separate from the wired net. It's still behind my externally-visible firewall, but that same firewall also separates the wired & wireless nets. >... >On the basis that bad security is worse than no security, I'm tending >towards an approach that turns off all security on WiFi. Don't use WEP, >WPA, MAC authentication, IP authentication or whatever else they come up >with. Do all your security at the application level. If you start by >assuming that the transport layer is always insecure, maybe then you'll >be more careful about what you send over it. Well, I use WEP, as well as permit only known MAC addresses (at present) -- but I do this not for security per se, but to avoid accidental associations. Cheers, david (links to my resume at http://www.catwhisker.org/~david) -- David H. Wolfskill [EMAIL PROTECTED] I have no confidence in results obtained through the use of Microsoft products. -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
