PLUG-discuss Digest, Vol 150, Issue 9
Stephen Elliott
tnflyfisher at live.com
Mon Dec 11 12:09:26 MST 2017
Is there a PLUG security class this Tuesday?
Stephen Elliott
480.553.1042
________________________________
From: PLUG-discuss <plug-discuss-bounces at lists.phxlinux.org> on behalf of plug-discuss-request at lists.phxlinux.org <plug-discuss-request at lists.phxlinux.org>
Sent: Monday, December 11, 2017 12:00:01 PM
To: plug-discuss at lists.phxlinux.org
Subject: PLUG-discuss Digest, Vol 150, Issue 9
Send PLUG-discuss mailing list submissions to
plug-discuss at lists.phxlinux.org
To subscribe or unsubscribe via the World Wide Web, visit
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
or, via email, send a message with subject or body 'help' to
plug-discuss-request at lists.phxlinux.org
You can reach the person managing the list at
plug-discuss-owner at lists.phxlinux.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of PLUG-discuss digest..."
Today's Topics:
1. RE: Hardening WIFI (Carruth, Rusty)
2. PLUG's end of year party this Thursday! (PLUG Announcements)
3. Re: Hardening WIFI (Ed)
4. Re: Hardening WIFI (Stephen Partington)
5. Re: Hardening WIFI (Aaron Jones)
----------------------------------------------------------------------
Message: 1
Date: Sun, 10 Dec 2017 23:28:41 +0000
From: "Carruth, Rusty" <Rusty.Carruth at smartm.com>
To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
Subject: RE: Hardening WIFI
Message-ID:
<CO2PR04MB23116E42C2320CDF493798569D360 at CO2PR04MB2311.namprd04.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
ONLY 32? Aren’t you allowed 128?
Yeah, for the longest time mine was 128 chars long. VERY nasty when entering new devices… My family finally forced me to make it a little shorter! ;-)
[SMART_HRS_RGB]
Rusty Carruth | Customer Support | rusty.carruth at smarth.com<mailto:rusty.carruth at smarth.com> | https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smarth.com&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=eoYE1bFpWll6i38N8JhrKCmlInMKfHsqjPv1ZVHzoO8%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smarth.com%2F&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=4qnByPPfKUvDMNgDmyl7vPVD4Xkk1%2F%2F8hAWVjjEeJqM%3D&reserved=0>
[linkedin] <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F12955027%2F&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=%2F8q4fnCwIJktbJ3YI229IWKOPVmHl6ozYeI7dVMnUhc%3D&reserved=0> [twitter] <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2F%40MilSSD&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=SghNjlUimXpR00MhJKEIjYRAaLxMXYpObH1%2F4s2OoyM%3D&reserved=0> See the new M4[cid:image004.jpg at 01D348E7.AF930710]<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.marketwired.com%2Fpress-release%2Fsmart-high-reliability-solutions-announces-availability-its-new-highly-ruggedized-highly-2235071.htm&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=waPn5VImF5ReRL7DiAAmVJL3yjlCWxrD0PpMT%2FZsyks%3D&reserved=0>
See us on Storage Search https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.storagesearch.com%2Fsmart2.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=ZGm%2FTG5S%2F5unSBrTryxTdOr%2FSLgYsu2UwPV3HOPE7XQ%3D&reserved=0
510-624-5391 | Fax: 480-926-5579 | 1325 N. Fiesta Blvd. Suite 101 Gilbert, Az. 85233
This email message (and any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
Sent: Saturday, December 09, 2017 1:02 PM
To: Main PLUG discussion list
Subject: Re: Hardening WIFI
Appreciate your help and advice!!
On 2017-11-23 15:52, Michael Butash wrote:
Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very long psk string. Ensure your clients aren't vulnerable to the blueborne and other wifi ota exploits. Not much else you can do really unless you want to run a radius and/or cert pki in-house to do eap-tls, or peap. You can crack against wpa2, but unless using an easy string, it's not easy or assured they will figure out your string.
I use a 32char random string, special characters, really annoying when adding new devices, but I don't worry about someone cracking it.
-mb
On Thu, Nov 23, 2017 at 2:58 PM, <techlists at phpcoderusa.com<mailto:techlists at phpcoderusa.com>> wrote:
Hi,
I would like to "Harden" my WIFI and am not sure where to start. I seem to recall past discussions on replacing the standard equipment provided by our ISP.
I would like to make it very difficult to hack my WIFI and I would like a firewall. And I would like this to be "Plug and Play" as much as is possible. In other words I would like to stay away from installing a Linux firewall on an extra PC and then having to maintain it.
Please feel free to let me know if my expectations are not valid.
Thanks in advance!!
Keith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org<mailto:PLUG-discuss at lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org<mailto:PLUG-discuss at lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F29c45536%2Fattachment-0001.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=S4UtcUVtZJllNoGE07HLGeny6bL%2BiLDbTEKRLlfqQX4%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1987 bytes
Desc: image001.png
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F29c45536%2Fattachment-0003.png&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=1eq0%2BjcCsIvlVVOXtvU9a6WfRRFS0%2BEWxBO5oZSJG8o%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 449 bytes
Desc: image002.png
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F29c45536%2Fattachment-0004.png&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=sQr%2FXPXtAK3R7Lor3gHid0GcGxzRoVMp2C0T%2Bi106uU%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 651 bytes
Desc: image003.png
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F29c45536%2Fattachment-0005.png&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=btVbGoF7HMfSSQaKoBL5L6PVS%2FRzrAbASDCnovW7QGc%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 1095 bytes
Desc: image004.jpg
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F29c45536%2Fattachment-0001.jpg&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=E4C2Op4EEmQ%2FCcHZ3BloWwv76V4sV02eM5KK49%2BxUp0%3D&reserved=0>
------------------------------
Message: 2
Date: Sun, 10 Dec 2017 22:33:30 -0700
From: PLUG Announcements <plug-announce at lists.phxlinux.org>
To: plug-announce at lists.phxlinux.org
Subject: PLUG's end of year party this Thursday!
Message-ID:
<mailman.245.1512970412.304.plug-announce at lists.phxlinux.org>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
PLUG's end of year party - December 14th
****
------------------------------------------------------------------------
It's December and time for our annual end of year pot luck.
Bring friends and family.
It's a pot luck, so bring some food or drinks to share if you can. It's
a holiday party, meaning we'll likely have tons of snacks and deserts.
This presents an opportunity to bring a main course, salad or veggie
side dish. Or, cupcakes or pie if you prefer :).
We still meet at Desert Breeze.
Since we're eating for the party, we will not go out to a restaurant
afterwards.
No alcohol.
------------------------------------------------------------------------
The meeting will start at 7pm at The Desert Breeze Substation. People
start arriving as early as 6pm, so if you would like to help setup
and/or chat for a while, arrive a little early.
*Meeting Location*:
Desert Breeze Substation
251 North Desert Breeze Blvd West
Chandler, AZ 85226
The Desert Breeze Substation is on Chandler Blvd and Desert Breeze Blvd,
which is half way between McClintock and Rural. It is very close to
both the south 202 and 101 freeways. Public transportation is
available into the late hours.
For more information see the meeting information on our web site
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fphxlinux.org%2Fmeetings%2F14-east-valley-meeting.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=1ymDWuFu54OlmBTyEy%2FpROGya4%2FAS8XZdclRfG1N0yU%3D&reserved=0>
Contact PLUG:
Email: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fphxlinux.org%2Findex.php%2Femail-lists.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=fM%2BLgp9LVo6%2BzUS04sZ%2BwTe5KF03FtR324TGE1%2BFKBg%3D&reserved=0
IRC: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fphxlinux.org%2Findex.php%2Fchat.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=oAcrUzSOz4baSq0UvP6tMsqOfRkaTrvR5ADKA%2FfitSQ%3D&reserved=0
Google+: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplus.google.com%2F%2BPhxlinuxOrg&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=hUteisGf7EOCNOte3IXVwn6uR25xts8VUNJ5iYm%2BGUE%3D&reserved=0
Meetup: https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.meetup.com%2FPhoenix-Linux-Users-Group%2F&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=W3FsP%2Bri%2BDkgRENVU0tnai8m%2FcoVDri85KIcanBCcaA%3D&reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Fmaps%2Fplace%2F251%2BDesert%2BBreeze%2BBlvd%2BW%2C%2BChandler%2C%2BAZ%2B85226%2F%4033.3076899%2C-111.9220921%2C17z%2Fdata%3D%25214m5%25213m4%25211s0x872b06cdd50c43c7%3A0x7d3e9c66bdb7f8a2%25218m2%25213d33.3070191%25214d-111.9193025%3Fhl%3Den&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=Gw74FXMMtnRhxlgSEe8Rrc11Q6qFrKkXKh8PkO5pUkQ%3D&reserved=0>
See you there,
Brian Cluff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F8f6c6297%2Fattachment-0001.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=c8n28lJYr9PnSFdy15FXfreRggQpQQ4BEXllsj%2B9dtk%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bmbjdaifmonadlci.png
Type: image/png
Size: 38453 bytes
Desc: not available
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171210%2F8f6c6297%2Fattachment-0001.png&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=u8cSovH4VoVsexM6aiMGAP0nn9NTufP63%2Bulgb8ERkc%3D&reserved=0>
-------------- next part --------------
_______________________________________________
PLUG-announce mailing list - PLUG-announce at lists.phxlinux.org
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-announce&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=baCg3zw%2BKjBzStEDPr7Eu9xV4NAbBt1epl8wWA%2F0Rc4%3D&reserved=0
PLUG Website at https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fplug.phoenix.az.us&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=Tkfuq0u70omIN2cdLT%2BVLNMtIMq%2BWSWi2Q4mDqhDv0A%3D&reserved=0
------------------------------
Message: 3
Date: Sun, 10 Dec 2017 22:57:47 -0700
From: Ed <plug at 0x1b.com>
To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
Subject: Re: Hardening WIFI
Message-ID:
<CAO2XAM6Sw=MmzKzCD1mOsxFYtH3Gwm_meCSKxEKPpAcWiG1ghQ at mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
If you want security and Wifi, do the security outside the context of
Wifi - like, require all Wifi traffic to be done through a vpn.
On Sun, Dec 10, 2017 at 4:28 PM, Carruth, Rusty
<Rusty.Carruth at smartm.com> wrote:
>
> ONLY 32? Aren’t you allowed 128?
>
>
>
> Yeah, for the longest time mine was 128 chars long. VERY nasty when entering new devices… My family finally forced me to make it a little shorter! ;-)
>
>
>
>
>
> Rusty Carruth | Customer Support | rusty.carruth at smarth.com | https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smarth.com&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=eoYE1bFpWll6i38N8JhrKCmlInMKfHsqjPv1ZVHzoO8%3D&reserved=0
>
>
>
> See the new M4
>
>
>
> See us on Storage Search https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.storagesearch.com%2Fsmart2.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=ZGm%2FTG5S%2F5unSBrTryxTdOr%2FSLgYsu2UwPV3HOPE7XQ%3D&reserved=0
>
>
>
> 510-624-5391 | Fax: 480-926-5579 | 1325 N. Fiesta Blvd. Suite 101 Gilbert, Az. 85233
>
>
>
> This email message (and any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
>
>
>
> From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
> Sent: Saturday, December 09, 2017 1:02 PM
> To: Main PLUG discussion list
> Subject: Re: Hardening WIFI
>
>
>
>
>
> Appreciate your help and advice!!
>
>
>
>
>
> On 2017-11-23 15:52, Michael Butash wrote:
>
> Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very long psk string. Ensure your clients aren't vulnerable to the blueborne and other wifi ota exploits. Not much else you can do really unless you want to run a radius and/or cert pki in-house to do eap-tls, or peap. You can crack against wpa2, but unless using an easy string, it's not easy or assured they will figure out your string.
>
>
>
> I use a 32char random string, special characters, really annoying when adding new devices, but I don't worry about someone cracking it.
>
>
>
> -mb
>
>
>
>
>
> On Thu, Nov 23, 2017 at 2:58 PM, <techlists at phpcoderusa.com> wrote:
>
>
>
> Hi,
>
> I would like to "Harden" my WIFI and am not sure where to start. I seem to recall past discussions on replacing the standard equipment provided by our ISP.
>
> I would like to make it very difficult to hack my WIFI and I would like a firewall. And I would like this to be "Plug and Play" as much as is possible. In other words I would like to stay away from installing a Linux firewall on an extra PC and then having to maintain it.
>
> Please feel free to let me know if my expectations are not valid.
>
> Thanks in advance!!
>
> Keith
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
------------------------------
Message: 4
Date: Mon, 11 Dec 2017 06:42:58 -0700
From: Stephen Partington <cryptworks at gmail.com>
To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
Subject: Re: Hardening WIFI
Message-ID:
<CACS_G9yVtsfRPqkX2TF0njQTtwQRWTydmdPDhjBkar1ZLNn=QQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
this really is about all that's left in our current wifi protocols now.
On Sun, Dec 10, 2017 at 10:57 PM, Ed <plug at 0x1b.com> wrote:
> If you want security and Wifi, do the security outside the context of
> Wifi - like, require all Wifi traffic to be done through a vpn.
>
> On Sun, Dec 10, 2017 at 4:28 PM, Carruth, Rusty
> <Rusty.Carruth at smartm.com> wrote:
> >
> > ONLY 32? Aren’t you allowed 128?
> >
> >
> >
> > Yeah, for the longest time mine was 128 chars long. VERY nasty when
> entering new devices… My family finally forced me to make it a little
> shorter! ;-)
> >
> >
> >
> >
> >
> > Rusty Carruth | Customer Support | rusty.carruth at smarth.com |
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smarth.com&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=eoYE1bFpWll6i38N8JhrKCmlInMKfHsqjPv1ZVHzoO8%3D&reserved=0
> >
> >
> >
> > See the new M4
> >
> >
> >
> > See us on Storage Search https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.storagesearch.com%2Fsmart2.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=ZGm%2FTG5S%2F5unSBrTryxTdOr%2FSLgYsu2UwPV3HOPE7XQ%3D&reserved=0
> >
> >
> >
> > 510-624-5391 | Fax: 480-926-5579 | 1325 N. Fiesta Blvd. Suite 101
> Gilbert, Az. 85233
> >
> >
> >
> > This email message (and any attachments) is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy all copies of the original message.
> >
> >
> >
> > From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On
> Behalf Of techlists at phpcoderusa.com
> > Sent: Saturday, December 09, 2017 1:02 PM
> > To: Main PLUG discussion list
> > Subject: Re: Hardening WIFI
> >
> >
> >
> >
> >
> > Appreciate your help and advice!!
> >
> >
> >
> >
> >
> > On 2017-11-23 15:52, Michael Butash wrote:
> >
> > Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a
> very long psk string. Ensure your clients aren't vulnerable to the
> blueborne and other wifi ota exploits. Not much else you can do really
> unless you want to run a radius and/or cert pki in-house to do eap-tls, or
> peap. You can crack against wpa2, but unless using an easy string, it's
> not easy or assured they will figure out your string.
> >
> >
> >
> > I use a 32char random string, special characters, really annoying when
> adding new devices, but I don't worry about someone cracking it.
> >
> >
> >
> > -mb
> >
> >
> >
> >
> >
> > On Thu, Nov 23, 2017 at 2:58 PM, <techlists at phpcoderusa.com> wrote:
> >
> >
> >
> > Hi,
> >
> > I would like to "Harden" my WIFI and am not sure where to start. I seem
> to recall past discussions on replacing the standard equipment provided by
> our ISP.
> >
> > I would like to make it very difficult to hack my WIFI and I would like
> a firewall. And I would like this to be "Plug and Play" as much as is
> possible. In other words I would like to stay away from installing a Linux
> firewall on an extra PC and then having to maintain it.
> >
> > Please feel free to let me know if my expectations are not valid.
> >
> > Thanks in advance!!
> >
> > Keith
> >
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171211%2F9a9ae152%2Fattachment-0001.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=YPaARU4A3B6nDC%2F2Kcuj0vvr4%2BzEZ81%2F4VHLRydIvV0%3D&reserved=0>
------------------------------
Message: 5
Date: Mon, 11 Dec 2017 07:19:58 -0700
From: Aaron Jones <retro64xyz at gmail.com>
To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
Subject: Re: Hardening WIFI
Message-ID: <ABBA1903-FCE9-485B-B52E-C65E598ED378 at gmail.com>
Content-Type: text/plain; charset="utf-8"
I am still using a raspberry pi as my intermediary between the wireless internet and some of my devices. This allows me to intelligently decide what to do with traffic, to check traffic for issues, and generally to keep any net related lifting off of my local device.
The edimax cards I use share the usb bus but its plenty fast for shit posting on a chan or checking emails or whatever. You wouldn’t want to make it your first choice for large transfers or similar.
Plus since the vpn is on the pi, its harder for a rogue site to request your traffic to bypass the vpn. Keyword harder not impossible.
A few lithium batteries makes it more portable and if you pre fill it with your normal wifi spots you hit, it can sit in your backpack and just do the thing. For sure though you have to name it something tough like “vpnantifederalgovernmentmyinternethandsoffdonttouchfbi” just to really let people know you are leet.
Thanks,
Aaron
> On Dec 11, 2017, at 6:42 AM, Stephen Partington <cryptworks at gmail.com> wrote:
>
> this really is about all that's left in our current wifi protocols now.
>
>> On Sun, Dec 10, 2017 at 10:57 PM, Ed <plug at 0x1b.com> wrote:
>> If you want security and Wifi, do the security outside the context of
>> Wifi - like, require all Wifi traffic to be done through a vpn.
>>
>> On Sun, Dec 10, 2017 at 4:28 PM, Carruth, Rusty
>> <Rusty.Carruth at smartm.com> wrote:
>> >
>> > ONLY 32? Aren’t you allowed 128?
>> >
>> >
>> >
>> > Yeah, for the longest time mine was 128 chars long. VERY nasty when entering new devices… My family finally forced me to make it a little shorter! ;-)
>> >
>> >
>> >
>> >
>> >
>> > Rusty Carruth | Customer Support | rusty.carruth at smarth.com | https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.smarth.com&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=eoYE1bFpWll6i38N8JhrKCmlInMKfHsqjPv1ZVHzoO8%3D&reserved=0
>> >
>> >
>> >
>> > See the new M4
>> >
>> >
>> >
>> > See us on Storage Search https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.storagesearch.com%2Fsmart2.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=ZGm%2FTG5S%2F5unSBrTryxTdOr%2FSLgYsu2UwPV3HOPE7XQ%3D&reserved=0
>> >
>> >
>> >
>> > 510-624-5391 | Fax: 480-926-5579 | 1325 N. Fiesta Blvd. Suite 101 Gilbert, Az. 85233
>> >
>> >
>> >
>> > This email message (and any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
>> >
>> >
>> >
>> > From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> > Sent: Saturday, December 09, 2017 1:02 PM
>> > To: Main PLUG discussion list
>> > Subject: Re: Hardening WIFI
>> >
>> >
>> >
>> >
>> >
>> > Appreciate your help and advice!!
>> >
>> >
>> >
>> >
>> >
>> > On 2017-11-23 15:52, Michael Butash wrote:
>> >
>> > Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very long psk string. Ensure your clients aren't vulnerable to the blueborne and other wifi ota exploits. Not much else you can do really unless you want to run a radius and/or cert pki in-house to do eap-tls, or peap. You can crack against wpa2, but unless using an easy string, it's not easy or assured they will figure out your string.
>> >
>> >
>> >
>> > I use a 32char random string, special characters, really annoying when adding new devices, but I don't worry about someone cracking it.
>> >
>> >
>> >
>> > -mb
>> >
>> >
>> >
>> >
>> >
>> > On Thu, Nov 23, 2017 at 2:58 PM, <techlists at phpcoderusa.com> wrote:
>> >
>> >
>> >
>> > Hi,
>> >
>> > I would like to "Harden" my WIFI and am not sure where to start. I seem to recall past discussions on replacing the standard equipment provided by our ISP.
>> >
>> > I would like to make it very difficult to hack my WIFI and I would like a firewall. And I would like this to be "Plug and Play" as much as is possible. In other words I would like to stay away from installing a Linux firewall on an extra PC and then having to maintain it.
>> >
>> > Please feel free to let me know if my expectations are not valid.
>> >
>> > Thanks in advance!!
>> >
>> > Keith
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>> >
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20171211%2F1336deb9%2Fattachment-0001.html&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=hf7v2GZsZpWpD0Bd44fJuhW81JfjBDffqNDzwU0wfkA%3D&reserved=0>
------------------------------
Subject: Digest Footer
_______________________________________________
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C47e15834a8434ee0bb6408d540c9636d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636486156053116424&sdata=FV6I8vF9Mr12zPlcigwU9Nmb2QNfIB9s%2FhJdQIE%2FLb4%3D&reserved=0
------------------------------
End of PLUG-discuss Digest, Vol 150, Issue 9
********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20171211/76dfc319/attachment.html>
More information about the PLUG-discuss
mailing list