Re: A PM I just got.
[ QUOTE ]
Yes, this router should be fine, and you can easily make it secure.
[/ QUOTE ]
I disagree unless that model is authenticating to a separate RADIUS server. Typical "securing" advice for wifi usually states disabling SSID broadcast (does NOTHING for security...SSID's are still in packets and easilly sniffed), MAC filtering (which is trivial to ARP-poison and spoof), WEP is a joke easilly crackable in 5 mins. WPA is better...but still only as good as the passphrase and easilly brute-able if you're using a pronouncable word w/ numbers. Better if mixed case, not pronouncable, and contains punctuation. Better yet if containing extended ASCII chars.
Even doing everything possible to most SOHO wifi routers, you can't protect against a DoS attack from any punk kid w/ a pringles can a mile away in line-of-sight.
I just can't justify adding the risk simply to have one less wire on the floor. Perhaps the risk can be small, but why risk 100% of your online funds (and possibly worse) even if you feel it is a 0.001% chance of being compromised? What's the upside? One less wire? Not worth it to me. YMMV and that's fine...I just think people should be aware of the risks and telling them "<blah> can be easilly secured" is grossly misleading.
No disrespect meant, Sam, but once you've had to clean up other people's messes from *not* securing networks adequately, you tend to place a higher value on not willfully opening holes...especially ones that can be exploited 24/7 from over a mile away.
|