Homepage
Forum
Drivers
HMM
MTM
Feed
This is very bad advice. Here's why:With regards to your WPA issues I can offer the following suggestion.
Turn off WPA.
Hide your SSID (i.e. do not broadcast it)
Turn on MAC address authentication in your Wifi router.
If you must encrypt at this point (not terribly necessary for a home connection) then go for WEP or upgrade your wifi card.
With MAC address filtering and no SSID broadcast your network will be mostly secure from script kiddies and war drivers. It won't stop a dedicated hacker, but then again most people like me who hack wifi don't bother with man in the middle attack and TCP redirects against a home user.
1) Disabling SSID broadcasting is not a security measure. Kismet, KisMAC, Netstumbler, etc. will all happily detect and reveal so-called "hidden" networks. This presents about as much of an impediment to an attacker as putting a sign with "Don't use my network" in your front yard.
2) MAC address filtering is also worthless. It's usually trivial to change a NIC's MAC address, so again all you're doing is giving yourself a false sense of security.
3) WEP is very, very easy to break. Usually less than 5 minutes with modern hardware/software. It may make you feel safe, but it won't do a darn thing to stop anyone using any one of a number of freely-available software packages.
But why should you care? After all, it's just a home network, right? Here are some examples of what can happen if your network is compromised:
1) Most of what you send and receive is probably not encrypted. Most folks don't use SSL for their e-mail, and a number of major IM networks don't use encryption by default (AIM and MSN, for example). Almost everything you browse is sent "in the clear" -- and all of that can easily be observed by someone on your wireless network. Even sites that should use encryption don't -- if you use the same password here as anywhere else, for example, you're toast: forum.thinkpads.com doesn't secure its login form, so anyone who observes you logging in to this site may gain access to other accounts...
2) Someone can join your network and download copyrighted material or, even worse, highly illegal things (example: child pornography). If the authorities come knocking you might find it quite difficult to prove it wasn't you -- it was your network, after all, and it is your responsibility.
3) Someone on your network can tamper with traffic. This leads to *very* bad things. Unlikely? Well... less likely than #1 and #2, but not unheard of.
Bottom line: enabling WPA2/AES-CCMP is a must. If your card doesn't support it or only supports WPA/TKIP, get a new card. If your distro has bugs, get a new distro. Otherwise you're just asking for trouble.
