Forgot your password?

Home wireless security level?

Displaying poll results.
Open network: Internet should be free for all!
  1751 votes / 5%
WEP encryption: Waiting to be compromised
  967 votes / 2%
WPA/WPA2 encryption: Should be secure
  18874 votes / 53%
WPA/WPA2 w/ hidden SSID: A bit more secure
  3840 votes / 10%
Ditto, but w/ MAC whitelist: A tough tighter
  3300 votes / 9%
Ditto, but DHCP disabled: Wireless fortress
  1021 votes / 2%
Wired connection or powerline Ethernet only
  1908 votes / 5%
Whatever my neighbors are using
  3301 votes / 9%
34962 total votes.
[ Voting Booth | Other Polls | Back Home ]
  • Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
  • Feel free to suggest poll ideas if you're feeling creative. I'd strongly suggest reading the past polls first.
  • This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.
This discussion has been archived. No new comments can be posted.

Home wireless security level?

Comments Filter:
  • by Soulskill (1459) Works for Slashdot on Friday August 02, 2013 @11:00AM (#44456461) Homepage

    Restarted this poll to fix comments. Apologies for the lack of comments on the previous one.

  • by danbob999 (2490674) on Friday August 02, 2013 @11:10AM (#44456565)

    Is it so hard to spoof a MAC address? I wouldn't call that security.
    Also hidden SSID is a bad idea, period.
    http://blogs.technet.com/b/networking/archive/2008/02/08/non-broadcast-wireless-ssids-why-hidden-wireless-networks-are-a-bad-idea.aspx [technet.com]
    WPA2 with CCMP-only encryption is good enough. Added security comes from a random SSID and good password.

  • by a-zarkon! (1030790) on Friday August 02, 2013 @12:49PM (#44457863)
    Disabling SSID Broadcast should not be considered more secure than standard WPA2/PSK. Clients configured to connect to a hidden SSID will beacon constantly to see if that SSID is available. Take a look at Hotspotter to see if you can figure out why that might not be a great idea. Also, whether you are broadcasting SSID or not, your network is pretty easily found by anyone who is actively looking for wireless networks in the area. This equates to introducing a potential vulnerability for your client systems and no increase in security for your network - so broadcast away. Your best bet is a complex pre-shared key. Change it once in a while if you're paranoid. Tunnel over VPN or SSH if you're really paranoid.
  • by stewsters (1406737) on Friday August 02, 2013 @02:05PM (#44458963)
    Yes, disabling wps is a more important step than mac address filtering or disabling the dhcp server.
    A link for those who don't Google [google.com]
  • by a-zarkon! (1030790) on Friday August 02, 2013 @02:36PM (#44459351)

    Yes. The point I'm trying to make is that if:
    1) You set your SSID to "my_secret_ssid" and then disable broadcast
    2) You configure your laptop to connect automatically to "my_secret_ssid" and check the box that this is a non-broadcast ssid

    Then
    3) Every time you bring your laptop to work or the airport or the donut shop, it will start beaconing to look for "my_secret_ssid".

    Evil nefarious types have the tools to look for those beacons and automatically reply with "my_secret_ssid" to trick your machine into connecting to them. Theoretically they can then pass this connection to a legitimate network connection, but leave themselves in the middle. You and your laptop won't necessarily know that this has happened.

    How to avoid this: Don't automatically connect to wifi, and don't configure non-broadcast SSIDs on your machines any longer than you need to.

  • by Carnildo (712617) on Friday August 02, 2013 @05:37PM (#44461407) Homepage Journal

    Your SSID gets used as part of the encryption process. By ensuring it's unique, an attacker can't use rainbow tables to attempt to recover your password.

  • by msauve (701917) on Sunday August 04, 2013 @07:45AM (#44469301)
    Whoosh.

    The poll choices included:
    WPA/WPA2 w/ hidden SSID: A bit more secure
    Ditto, but w/ MAC whitelist: A tough tighter
    Ditto, but DHCP disabled: Wireless fortress


    All of those were built on WPA/WPA2 encryption. Since it flew over your head, the OP was simply pointing out that non-broadcast SSIDs, MAC filtering, and requiring static IP configuration adds no additional security, since anyone able to get past the first hurdle will find it trivial to get past the rest. The choices, by implying that things get more secure, are misleading.
  • by wolrahnaes (632574) <(sean) (at) (seanharlow.info)> on Sunday August 04, 2013 @11:17AM (#44470053) Homepage Journal

    The point is that anyone attacking WiFi in any way is using passive monitoring tools. Those will see your AP no matter if it broadcasts or not. Those will also see any clients, and thus already have a list of valid MACs.

    Even more fun, any computer that is set to automatically connect to a "hidden" AP is constantly broadcasting looking for it whenever not connected. So your computer, phone, etc. advertises the existence of a "hidden" AP everywhere you go. Probably impacts battery life too.

    Even old-school Netstumbler would show the active clients.

    MAC filtering, SSID hiding, etc. are all below WEP64 in terms of security. They can only be considered worthwhile in a situation where for whatever reason (shitty old client device you can't replace usually) you absolutely must have an open AP but want to have it at least be a slight challenge to access.

    If there is any encryption at all, even the trivially broken WEP64, none of those things add anything as literally every single person who could crack even that can bypass the rest.

    It's the same sort of cargo cult "security" technique as the fuckwits who disable ICMP on their routers and think that makes them invisible on the internet rather than just being a pain in the ass to diagnose network problems.

  • by FridayBob (619244) on Sunday August 04, 2013 @07:02PM (#44472557) Homepage
    Missing option: WPA2 Enterprise using FreeRADIUS (and DD-WRT firmware on the access points). Because you just can't be too sure these days.

HOLY MACRO!

 



Forgot your password?
Working...