The UK Home Automation Archive

Archive Home

Group Home

Search Archive
Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: RE: Wi-fi Security

Subject: Re: RE: Wi-fi Security
From: Andy Powell <ukha@xxxxxxxxxxxx>
Date: Tue, 17 Mar 2009 07:42:32 +0000
References: <49919907D183C444BF2FAA80FDDCF7CF1F914F@xxxxxxxxxxxxxxxxxxxxxxx> <21B959B2F371BD4D971E9DD3856D75E82A5B1F2E4D@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <49919907D183C444BF2FAA80FDDCF7CF1F9150@xxxxxxxxxxxxxxxxxxxxxxx>

On 16 Mar 2009, at 22:38, Rob Mouser wrote:

> Hi Mike
>
> Yes, I already filter access by MAC address but I have read that MAC
> addresses are very easily spoofed?
> Or am I just reading too much hype on all this security malarkey?
>
> Rob
>
>

MAC address filtering should only really be used with other things.
MAC addresses can be very easily spoofed, it's not just hype - my
current favourite is 00:DE:AD:BE:EF:00. The only thing you will get
from MAC address filtering is preventing *accidental* connections by
your neighbours or passers by. WEP security can be broken in minutes -
and not just minutes - sometimes just seconds ( < 10 ). Have a look at
this: http://www.securityfocus.com/infocus/1814
or http://tinyurl.com/5mexu

I'm sorry if this worries you but everyone really be aware of the
truth for your own good. First up, If you have a separate wifi router
that's only going to run wep stuff it in your DMZ for a start.

At the risk of being branded an advert Routerboards can do some pretty
cool stuff with wifi, creating multiple virtual access points with 1
card and authentication. We have them at Linitx, speak to Nick about it.

There are other options, you could run captive portal so that even if
your wep was hacked the hacker gets presented with a web based login
screen (the remote supports web pages?) . I did a quick search for
windows captive portal  - assuming you're a windows user - but didn't
get a great deal, pfsense has it and I think m0n0wall too. Another
option is, if the remote control can support it, is to create your own
certificate authority and issue client certificates - this would mean
you couldn't connect to the web server without a certificate. This
however assumes that you really have a firewall/filtering between this
wifi network and your other network, simply to block everything other
than web traffic. Oh and that you only need to serve web traffic via
that connection.

Of course you could use a combination of things from this, just to
make someone else's wifi look much more attractive than yours.

---

Andy Powell / ScaredyCat / FuzzyCat

Twitter: http://twitter.com/ScaredyCat
Blog: http://blog.automated.it
Site: http://www.automated.it

------------------------------------

References:
- Wi-fi Security
  - From: Rob Mouser
- RE: Wi-fi Security
  - From: Mike Griffiths
- RE: RE: Wi-fi Security
  - From: Rob Mouser

Prev by Message: RE: Wi-fi Security
Next by Message: Text to X10 gateway?
Previous by thread: Re: RE: Wi-fi Security
Next by thread: RE: RE: Wi-Fi Security
Index(es):
- Message
- Thread

UKHA_D Main Index | UKHA_D Thread Index | UKHA_D Home | Archives Home

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.