Thursday, March 29, 2007

Stupid wireless security advice

George Ou repeats his comments about dumb wireless security advice. Unfortunately I have to disagree; much of this advice isn't stupid. It just needs to be taken in context.

While he's right that WPA-PSK is the most fundamental part of securing your network, not everybody uses strong passwords. What's more, many old units don't support WPA or turn off encryption to get a performance boost. It doesn't help that many wireless routers don't come with WPA enabled.

MAC Filtering
We tend to do this because it does add another layer of security. If the customer turns off encryption (and the buggers do) they are still protected from the next door neighbour. I would agree that administering a large network with MAC filtering would be a pain, but most of our customers only have a handful of wireless devices.

SSID hiding
I'll agree with George here, SSID hiding is pointless as most wireless software will still show the network, albeit without a name. To make matters worse, many devices won't work properly without the SSID. We find Netgear equipment loathes hidden SSIDs.

LEAP authentication
I don't know much about LEAP, we've never had to deal with this. So I'll have to defer to George's superior knowledge.

Disable DHCP
Like MAC filtering, this would be a pain if you had a large network. In smaller networks, it's a pain if you have laptop users moving to different locations. Generally we recommend restricting DHCP ranges and reserving the IP addresses within that range to specific machines.

Antenna placement
This one we don't often do because usually we're just thankful we can get a signal and we're loath to play with the bugger. Restricting leakage makes sense to me though. Why put out more signal than you need?

George misses a number of points. Firstly, the biggest problem with wireless networks is casual hitchhikers. All of these aspects stop them.

He also assumes WPA is near impossible to crack. While this might be so, it's still possible for a determined hacker or intruder to find the password using other means. What's worse, disaffected employees or disposed-of laptops might still have the keys saved.

His example of the doorman is instructive of George's view: Sure, a doorman ticking off names won't stop a Frank Abagnale, Kevin Mitnick or George Ou getting in, but it will stop 99% of the potential gatecrashers. What's more, ticking off lists might alert management to the presence of gatecrashers.
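The doorman's list applied to the DHCP advice above, as an added example that is not from the original post: it checks each lease the router has handed out against the reserved MAC-to-IP list and the restricted range, and reports anything that is not on the list. The dnsmasq-style lease format, the addresses and the range are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumed for this example, not from the post).
POOL_START = ipaddress.IPv4Address("192.168.1.100")
POOL_END = ipaddress.IPv4Address("192.168.1.109")
RESERVATIONS = {  # MAC -> reserved IP
    "00:11:22:33:44:55": "192.168.1.100",
    "00:11:22:33:44:66": "192.168.1.101",
}
# dnsmasq-style lease lines: expiry MAC IP hostname client-id
SAMPLE_LEASES = """\
1175140000 00:11:22:33:44:55 192.168.1.100 office-pc *
1175140100 00:11:22:33:44:66 192.168.1.105 laptop *
1175140200 de:ad:be:ef:00:01 192.168.1.107 * *
1175140300 00:11:22:33:44:77 192.168.1.150 printer *
"""

def parse_leases(text):
    """Yield (mac, ip, hostname) per lease line, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            ip = ipaddress.IPv4Address(fields[2])
        except ValueError:
            continue
        yield fields[1].lower(), ip, fields[3]

def audit(text, reservations=RESERVATIONS):
    """Return (mac, ip, reason) for every lease that is off the list."""
    reserved = {m.lower(): ipaddress.IPv4Address(a)
                for m, a in reservations.items()}
    findings = []
    for mac, ip, _host in parse_leases(text):
        if not (POOL_START <= ip <= POOL_END):
            findings.append((mac, str(ip), "outside restricted range"))
        elif mac not in reserved:
            findings.append((mac, str(ip), "unknown device"))
        elif reserved[mac] != ip:
            findings.append((mac, str(ip), "reservation mismatch"))
    return findings

if __name__ == "__main__":
    for mac, ip, reason in audit(SAMPLE_LEASES):
        print(f"{mac} {ip}: {reason}")
```

Like the doorman's list, this flags casual hitchhikers and gives you something to alert on; it does not replace WPA.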

What we have to accept is that wireless networks are not as secure as wired networks. Wireless networks are convenient but that convenience comes at a cost.

Windows Genuine Activation: It's back!

Microsoft didn't release any security patches this month, but it appears they did update their Windows Genuine Advantage Notification tool.

A few months back we explained to our newsletter subscribers how to disable the tool. This thing is a buggy pain which further shows how Microsoft are losing the plot in their quest to capture every dollar. We don't like it and it causes our customers grief.

So imagine my delight when the thing starts appearing again. Apparently Microsoft upgraded it this month so the previous instruction of "don't ask me again" is now redundant.

To add insult to injury, the thing appears to dob you into Redmond if you choose not to install it.

I really don't understand their mentality. When you start assuming all your customers are thieves, it's time to quit and grow mangoes or something.

Microsoft further confuse their market

Not content with five different versions of Vista, Microsoft further muddy the waters with Office 2007.

We set up a computer for a client last week. All new machines from our suppliers come preinstalled with a 60 day trial version of Office 2007. It's just a matter of paying for, and registering a licence key.

Or so it appears.

If you choose to buy the Home and Student Edition, however. IT'S A DIFFERENT BLOODY PRE-INSTALL!!!!!!!!!

So, we have to tell our supplier which version of Office the client is going to want to install.

Doesn't that defeat the purpose of preinstalling the thing in the first place?

I'm also uneasy about not getting media for OEM stuff. Microsoft's "buy a backup disk" policy is cumbersome, time consuming and expensive for Microsoft.

It's another example of big IT vendors being penny wise and pound foolish. They might save a few bucks in stopping people re-using OEM disks, but their increased support costs and the general irritation are going to cost them far more.

In fact, I'm so irritated by it, I'm recommending people try Open Office or the Google apps.