[tcwug-list] Security and wireless - was E-Democracy discussion

Thu Jun 23 10:14:45 CDT 2005

Scott -

I'll bow to most of your expertise and destruction of my straw man
arguments.

I'd like to change the topic of the conversation to something a lot less
political, and much more a current problem for current wireless users.

You said:
"I would be interested in anyone who thinks that WPA2 with either TKIP
or CCMP alongside a EAP-PEAP/EAP-TTLS authentication implementation is
unworkable for security.  Yes, this does mean that anything older than
XP or Windows 2000 needs a client.  OS X users would be forced to use
panther or a client.  Unless you've actually tried this stuff out its
very hard to say its 'insecure as hell'. "

Until just last week, my experience with wireless has been coffee shops
that provide "free" connectivity.  Generally speaking, I've been nervous
about using them unless I'm either just browsing the net and don't
really care what anyone sees me doing, or I'm locked into the corporate
VPN that theoretically makes my airborne traffic secure anyways.

I just upgraded my Qwest/Actiontec DSL modem to the latest that includes
a built in wireless A/P.  Security is configurable in the standard
Actiontec browser based management console, but as far as I can tell,
I've the choices of WEP, 802.1x(?), and WPA.  (Forgive me if I goof -
I'm working off of memory here).

As a home user who wants to lock down his home wireless network, what's
the easiest way to do this?  I would guess that WPA2 with the alphabet
soup of accompanying acronyms is secure, but is it workable for a normal
end user?  Is WPA sufficient?

Do I need a backroom server to manage all that stuff?  

I'd like to know because I don't want to turn this on and render the
rest of my home net vulnerable to anyone driving by with a wireless NIC
and a bad attitude.  

I appreciate your experience on this issue, and anyone else that'd care
to contribute, 'cuz I'm really in the dark about it. 

(I'm in the dark about politics too, but that doesn't stop me from
making an ass out of myself).

- Nick

-----Original Message-----
From: Scott Dier [mailto:dieman at ringworld.org] 
Sent: Thursday, June 23, 2005 10:02 AM
To: Ryberg, Nicholas
Cc: tcwug-list at tcwug.org
Subject: Re: [tcwug-list] THURS: International E-Democracy Event

Ryberg, Nicholas wrote:

> themselves.  From what I hear about proposals for the Mpls project, 
> end users will have to pay a fee, just like they do to use wireless at

> Starbucks and Caribou, and that fee will be more than typical DSL 
> broadband service.
>
'typical DSL broadband', meaning narrowband 256kbps or 1.5mbps/256kbps?

$25-30 (depending on modem rental or purchase) a month is the cheapest
narrowband in the area as far as I know (excluding taxes and fake
provider imposed tax-fees).  This is also via Qwest which may not even
be servicing the entire city depending on the state of the wire plant.  
.
.
.
Remainder clipped for brevity