{"id":12429,"date":"2008-05-05T15:27:20","date_gmt":"2008-05-05T22:27:20","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/wp\/2008\/05\/05\/security.html"},"modified":"2008-05-05T15:27:20","modified_gmt":"2008-05-05T22:27:20","slug":"security","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2008\/05\/05\/security.html","title":{"rendered":"Security!"},"content":{"rendered":"
<\/div>\n

So Mary brought her bright shiny new Mac Air with her, and, yes, it;’s very pretty and very thin and all. And then we started getting into the wireless network …<\/p>\n

And I discovered I’d turned off the security at some point a while back and never turned it back on. Oops.<\/p>\n

So since I have to re-enable the security anyway, I decided to do a bit of digging into it. There’s a lot of info out there (e.g.<\/a>) … the question is, what’s reasonable security vs. possible security.<\/p>\n

When I had security put on before, it was MAC-addressed base. I shied away from WEP because it’s always seemed kind of dangerous to set a key and expect to be able to get the machines all set up right to use it (though subsequent experience at my in-laws has shown me how “easy” it can be). MAC-address (using the PC’s network card address) seemed a bit more reliable.<\/p>\n

Now, the fact is, MAC can be spoofed, so if someone knew (or could detect?) the MAC addresses authorized on the network, they could broadcast as though that MAC address and get on the system. Most security types consider MAC authentication as a belt–and-suspenders to use with some sort of encryption.<\/p>\n

The original WiFi encryption was WEP, but it can be cracked. Nearly all security sites say instead to use WPA encryption.<\/p>\n

But … WPA can be cracked, too (though less easily than WEP). And it sounds like it actually slows down connectivity more than WEP (encryption\/decryption always slows things down). And …<\/p>\n

… the fact is, I don’t live in a big apartment in the city with hundreds of guys with WiFi systems all looking to either steal my bandwidth or break into my machine. I don’t see a lot of folks sitting at the curb in my neighborhood, working on their laptop computers, either. <\/p>\n

How much security is “enough”? A security guy would tend to say, “There’s no such thing.” (I know — I’ve had them working for me before.) But there’s a cost to security, in terms of complexity (things breaking) and friction (slowing down connections). If I want the best security, I’ll skip the WiFi and go with cables — but I’m not doing that, so where’s the compromise line here?<\/p>\n

The level of security I want is like a lock on our doors — not enough to withstand a siege (which I don’t expect), but enough so that if someone walks up to the front door of the house during the day and turns the knob, the house isn’t easily open. Similarly, I want something on our WiFi so that if someone’s actually looking around, they see it’s locked with something and don’t bother stealing bandwidth or poking around at computers.<\/p>\n

Any determined burglar can get into our house, given time. We’ve made a decision about the cost\/inconvenience of home security; the same decision needs to be made about our network security. Just saying to throw the most powerful version of encryption and etc. onto our WiFi network is silly if the cost of doing so (fragility and lag) is too high.<\/p>\n

So, faithful readers … should I drop back to just MAC validation? Go to WEP? Step up to WPA? What’s the actual value analysis, vs. simply making the security guys happy?<\/p>\n","protected":false},"excerpt":{"rendered":"

So Mary brought her bright shiny new Mac Air with her, and, yes, it;’s very pretty and very thin and all. And then we started getting into the wireless…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[47],"tags":[],"class_list":["post-12429","post","type-post","status-publish","format-standard","hentry","category-my-computer"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":7448,"url":"https:\/\/hill-kleerup.org\/blog\/2005\/03\/02\/the_cost_of_suc.html","url_meta":{"origin":12429,"position":0},"title":"The cost of success","author":"***Dave","date":"Wed 2-Mar-05 11:05am","format":false,"excerpt":"Now that Firefox has gained so much market share from IE -- it's being targeted more by spyware and pop-up ad writers. Great. The upshot of spyware writers' newfound attraction...","rel":"","context":"In "Spam"","block_context":{"text":"Spam","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/computer-security\/spam"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8102,"url":"https:\/\/hill-kleerup.org\/blog\/2005\/05\/20\/whats_the_frequ.html","url_meta":{"origin":12429,"position":1},"title":"“What’s the frequency, Kenneth?”","author":"***Dave","date":"Fri 20-May-05 6:22am","format":false,"excerpt":"Went out at lunch yesterday, to Best Buy and picked up a D-Link \"Xtreme G\" wireless router (DI-624) to replace the Netgear one that just crapped out on us the...","rel":"","context":"In "My Computer"","block_context":{"text":"My Computer","link":"https:\/\/hill-kleerup.org\/blog\/category\/my-computer"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.hill-kleerup.org\/blog\/images\/netgear_wgt624.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":6451,"url":"https:\/\/hill-kleerup.org\/blog\/2004\/08\/31\/every_vote_coun.html","url_meta":{"origin":12429,"position":2},"title":"Every vote counts?","author":"***Dave","date":"Tue 31-Aug-04 9:43pm","format":false,"excerpt":"A particularly pessimistic compilation of tales where Bright Shiny Electronic Voting Machines have turned out to have not only had errors, but had errors of a magnitude such that the...","rel":"","context":"In "Hi-Tech"","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":31886,"url":"https:\/\/hill-kleerup.org\/blog\/2012\/12\/21\/armed-security-guards-a-security-blanket.html","url_meta":{"origin":12429,"position":3},"title":"Armed security guards — a security blanket","author":"***Dave","date":"Fri 21-Dec-12 1:10pm","format":false,"excerpt":"Which appears to be the NRA's Big Answer to school violence. Per Mr. LaPierre at today's press conference:\"With all the foreign aid, with all the money in the federal budget, we can\u2019t afford to put a police officer in every school?\" he asked. \"I call on Congress today to act\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3789,"url":"https:\/\/hill-kleerup.org\/blog\/2003\/03\/27\/the_value_of_sn.html","url_meta":{"origin":12429,"position":4},"title":"The Value of (snort) Trust","author":"***Dave","date":"Thu 27-Mar-03 6:03pm","format":false,"excerpt":"Network registration yahoos -- er, idiots, Veri$ign\/NetSol is in trouble for shoddy security in turning over someone's domain to someone else with a laughable lack of validation. But unlike just...","rel":"","context":"In "Hi-Tech"","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":133953,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/07\/26\/making-flying-less-convenient-but-ostensibly-marginally-safer.html","url_meta":{"origin":12429,"position":5},"title":"Making flying less convenient (but, ostensibly, marginally safer)","author":"***Dave","date":"Wed 26-Jul-17 1:46pm","format":false,"excerpt":"Tablets, e-readers, basically anything electronic bigger than a smart phone, will soon have to be pulled out of your bag at the security check. Because that won't slow things down, lead to increased theft, or anything like that.On the bright side, if you are TSA Pre-check, you won't have to\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/12429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=12429"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/12429\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=12429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=12429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=12429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}