networking between fedora and macos

Scot L. Harris webid at cfl.rr.com
Sun Jan 16 17:08:46 UTC 2005


On Sun, 2005-01-16 at 01:44, Jeff Vian wrote:
> On Sun, 2005-01-16 at 01:06 -0500, Scot L. Harris wrote:
> > On Sun, 2005-01-16 at 00:56, Jeff Vian wrote:
> > 
> > > 
> > > FTP ?
> > > 
> > > Maybe set up ftp server on one or both and then use one of the many ftp
> > > clients to connect and transfer the files. Wget will also work for that,
> > > as will rsync if you are interested in making exact copies. 
> > 
> > I advise against using ftp to move files over a wireless network.  Worst
> > case is if you are not using wep then your passwords are in the clear on
> > the air waves for anyone that happens to be sniffing to see.  Even if
> > you are using wep someone could have monitored your network long enough
> > to break the wep key (assuming the key is not changed very often if at
> > all) and again will see your passwords passed in the clear.
> > 
> 
> And sftp does not fit that security paradigm?  It uses ssh as well, so
> IMHO should be as safe as scp.
> 

sftp is fine, as you said it utilizes the same encryption as ssh/scp.  I
just did not mention it in my earlier post.  :)  sftp would provide
acceptable protection.  The trick is to keep the password from being
passed in the clear.  Any scheme that does that in a secure way is good.

> The OP implied he just got his wireless setup, so time to break the wep
> key would have been minimal so far.  He also implied this would be a one
> time transfer of files.  While I agree with your recommendations for
> long term use, a new network, with wep enabled, and set to not broadcast
> the essid would be relatively secure.  (I don't know his network
> configuration, but sftp would certainly be as secure as scp in the same
> environment.)

Actually breaking wep depends on seeing a certain number of interesting
packets.  Tools like kismet and a few others can sit very patiently
looking for those packets.  If you are pushing a significant number of
files over it you will have enough packets to analyze fairly quickly. 
Wep, even with essid hidden, will keep out the casual hacker and those
that rattle the door latches, but it will not provide that much real
security.  It will keep the honest people honest.  

Another measure the OP should implement is to lock the MAC address of
his laptops on the AP.  Again this is not a perfect form of security but
it makes it just a little harder for the casual hacker to get deeper
into the OP's wireless network.

Paranoia is not a state of mind, it is a lifestyle.  :)

-- 
Scot L. Harris
webid at cfl.rr.com

If a fool persists in his folly he shall become wise.
		-- William Blake 
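
An added example (not part of the original post) of the point above about keeping the password from being passed in the clear: a small Python audit over FTP control-channel exchanges, as a server or proxy log would record them, that flags logins where PASS was sent without a successful AUTH TLS first. The session data, user names and function names are constructed for illustration.

```python
# Flag FTP logins whose password crossed the network unencrypted.
# Each exchange is (client command, server reply code). All data is constructed.
SAMPLE_SESSIONS = {
    "plain-ftp": [("USER alice", 331), ("PASS <redacted>", 230), ("RETR notes.txt", 226)],
    "explicit-ftps": [("AUTH TLS", 234), ("USER alice", 331), ("PASS <redacted>", 230)],
    # Server refuses TLS and the client silently falls back to cleartext.
    "tls-refused": [("AUTH TLS", 502), ("USER bob", 331), ("PASS <redacted>", 230)],
    "anonymous": [("USER anonymous", 331), ("PASS guest@example.invalid", 230)],
}

ANONYMOUS_USERS = {"anonymous", "ftp"}  # no real secret is sent for these logins


def audit_session(exchanges):
    """Return (user, exposed). exposed is True when a PASS for a real account
    was sent before AUTH TLS/SSL was accepted (reply code 234)."""
    tls_active = False
    user = None
    exposed = False
    for command, reply in exchanges:
        verb, _, arg = command.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL") and reply == 234:
            tls_active = True
        elif verb == "USER":
            user = arg
        elif verb == "PASS" and not tls_active:
            # The password argument is deliberately never stored or reported.
            if user is None or user.lower() not in ANONYMOUS_USERS:
                exposed = True
    return user, exposed


def exposed_sessions(sessions):
    """Names of sessions in which an account password went out in the clear."""
    return sorted(name for name, ex in sessions.items() if audit_session(ex)[1])


if __name__ == "__main__":
    for name in exposed_sessions(SAMPLE_SESSIONS):
        user, _ = audit_session(SAMPLE_SESSIONS[name])
        print(f"{name}: password for '{user}' sent without TLS")
```

The "tls-refused" case is the one to watch for: requesting TLS is not enough, the 234 reply has to arrive before the login is sent.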



