Re: Linksys home network problems

On 7 Aug 2006 10:04:25 -0700, "Amanda" <amanda772008@xxxxxxxxx> wrote in
<1154970265.127366.90240@xxxxxxxxxxxxxxxxxxxxxxxxxxx>:

"Such passwords are suitable for systems that limit the number of bad
login attempts an attacker can make and protect the file containing the
encrypted passwords (this is called password shadowing on Unix-based
systems). Unless you are sure this is the case pick a stronger password
following the advice below"

That refers to a password of only 8 characters.

Which refers to a password of only 8 characters? You means the
passwords for systems that limit the number of bad login attempts?

I misspoke -- that actually refers to a password made up of two (and
only two) diceware words joined by a special character, which could even
be as short as only 3 characters, on average about 9 characters, and
might have to be truncated to 8 characters, since that's a not uncommon
limit. Such short passwords are vulnerable to brute force attack, and
should only be used if the system limits the number of bad
authentication attempts. Otherwise the password should be longer and/or
more random.

If you're like most people, ...

I am not like most people:)- ...

OK, OK. :)

Btw, if I want a guest to get onto my wireless network to use internet
via the guest's laptop, what is the procedure I need to do on that
laptop? Just enter "WPA Shared Key:" to give the guest access. I will
have to do it only once, right?

Right. But that compromises your security. Ideally you want a
hotspot-type router that can give them controlled access to the Internet
without needing your wireless key and isolating them from your own
wireless and wired clients.

What of the guest is using his laptop given by his employer "Intel"? Am
a I safer assuming that his laptop has high security? The guest is
staying at my place temporarily.

There are two different security issues:

1. Wireless security. His laptop might well have high security, but
when you give him your key, there's a risk that he might inadvertently
give it to someone else. There are a number of ways to deal with this:

(a) Change your passphrase after he leaves. This is the least you
should do.

(b) Use a hotspot-type router with different security zones, putting
him in a guest zone. Unfortunately, commercial hotspot routers are
typically much more expensive than commodity routers, which is why
I recommended the alternative of running third-party firmware in a
Linksys WRT54GL.

(c) Use external RADIUS authentication on your WLAN. Radiuz
<http://radiuz.net> is a free service that I haven't used myself but
reportedly works well. You can give create a special account for your
guest, and delete it when he leaves. This also works well with 1(b)
above.

2. LAN security. Even if he's a good fellow that won't misuse access to
computers on your LAN/WLAN, his computer might be unknowingly infected
with malware (virus, trojan, spyware) that could. Again, there are a
number of ways to deal with this:

(a) Secure your LAN. What to do is covered in the How To wiki below.
This is the least you should do.

(b) Use a hotspot-type router with different security zones, putting
him in a guest zone that can only access the Internet. See 1(b) above.

The solution I most often recommend to those on a tight budget is
third-party firmware in a Linksys WRT54GL, with either tinyPEAP
<http://www.tinypeap.com> or Radiuz (1(c)).

The least expensive way to do that is with third-party firmware in supported
hardware like the Linksys WRT-54GL.

That third-party firmware is not supported in WRT 54G, right?

It is supported in some models, but poorly or not at all in other
models.

What "L"
stands for in WRT-54GL.

"L" is presumed to stand for Linux, the free open source operating
system used in some models of the WRT54G.

See <http://en.wikipedia.org/wiki/WRT54G> for more info.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
.

Relevant Pages

  • Re: Linksys home network problems
    ... That refers to a password of only 8 characters. ... But that compromises your security. ... What of the guest is using his laptop given by his employer "Intel"? ... Use a hotspot-type router with different security zones, ...
    (alt.internet.wireless)
  • Re: Getting to the bottom of MSDE network connection problems ...
    ... Brilliant, Nick, especially the explanation for local network user being ... authenticated as GUEST in WinXP SP2. ... > on a desktop OS like XP (meaning that, you can not compare SQL Server ... > again and selected the security tab. ...
    (microsoft.public.sqlserver.msde)
  • [REVS] CRLF Injection
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... two commonly used non-printing ASCII characters. ... additional fake log entry. ... E-mail headers, news headers and HTTP headers all have the structure "Key: ...
    (Securiteam)
  • [Full-disclosure] Re: What A Click! [Internet Explorer]
    ... > tell your windows to open .HTA files in notepad. ... > (since there are more ways to cover windows with malicious lookalikes). ... >> Using custom Microsoft Agent characters it is possible to cover any kind ... including security or download dialogs. ...
    (Full-Disclosure)
  • [NT] Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6
    ... Get your security news from a reliable source. ... Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6 ... i.e. it's different than the ASCII similar characters ...
    (Securiteam)
Loading