Dorchester — Oct 12th 2010

The meeting was Introduced by John (who was present in person, previous attempts to have him chair the meeting virtually, having been unsuccessful).
18 members were, likewise, present in person.

Tom gave a talk on Picasa (and using it with its associated Cloud).
The way to access these wonders is to log in (via Google) and download the Picasa 3.8 application for the Mac. Photos can be uploaded, and arranged in Web albums to facilitate sharing. At this point in the proceedings, there was a hiatus whilst awaiting the correct functioning of the much valued, but not infallible Dorset County Council wireless connection to the great WWW.

Eventually, we were able to see how photos can be exported from iPhoto, the process being as follows: select photos, file - export, then sign in to Picasa, and it invites you to define a web folder. When you view what has been uploaded, you have the opportunity to send an email to others which links to the photos. iPhoto also appears to link to Flickr, but no-one seems to have tried this, as yet.

The Q&A session included the question of running PC programmes on the Mac - Parallels, VM ware, and Wine are all possible solutions.

After the interval, Mick showed us how to set up a router and a wireless network.

Firstly, one needs a filter attached to each phone socket in use. Then, having connected the router and mac with a cable, you type the IP address provided in the instructions which come with the router, into a browser window browser to set up communications with the router set up screens. Complete the information requested using information from your ISP's Welcome letter. Wireless security options have then to be set to protect the Local wireless network, there many to choose from. Suggest WPA, or preferably WPA2. WEP is not recommended, there are programmes widely available which can crack this type of security in seconds. Unfortunately, some ISPs do not allow WPA, in which case alternative security options, such as not transmitting the network name, or setting up a wireless access list, using MAC address of devices you wish to use, can be used. (computer MAC address can be found via system prefs, network, Airport.)
SR

Comments

Page 1

Eleanor Spenceley said…

I would not waste your time locking down you Wifi router using identified MAC addresses. It is somewhat a 'geeky sounding process' without the 'geeky high level security benefits'.

From http://en.wikipedia.org/wiki/Wireless_security

'MAC filtering is only effective for small residential(SOHO)networks, since it only provides protection when the wireless device is "off the air". Any 802.11 device "on the air" freely transmits it unencrypted MAC address in its 802.11 headers, and it requires no special equipment or software to detect it. Anyone with an 802.11 receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting 802.11 within range. In an organizational environment, where most wireless devices are "on the air" throughout the active working shift, MAC filtering only provides a false sense of security since it only prevents "casual" or unintended connections to the organizational infrastructure and does nothing to prevent a directed attack.'

Mick Burrell said…

I take your point Martin and of course you are quite correct. However, this was a “back to basics" session and the security measures I suggested were designed to prevent what you describe as a “casual" attack. I fully appreciate that if the CIA want to hack into my machine I am unlikely to have sufficient knowledge to stop them ;-)

Eleanor Spenceley said…

It's not about CIA hacking into your machine, but as a 'back to basics' talk, if you are not recommending WEP because it can be easily hacked then suggesting the use of MAC addresses as an alternative is (I believe) even less recommended.

Mick Burrell said…

I suggested WPA or better still WPA2. MAC address filtering was in addition to the password as was preventing broadcasting of the network name. I realise that's easy to circumvent too but I was suggesting basic things which may keep out your next door neighbour - a "casual" attack. I tried to put it in perspective by explaining that non broadcast, a WPA or WPA2 password and MAC address filtering would keep me out but maybe not someone with superior knowledge.

Eleanor Spenceley said…

The thing is, you do not need to have 'superior knowledge' of this security stuff to break simple security measures, I sure there is software around on dark bits of the internet to do all the hard work for you.

If someone is determined to hack WEP, they will have no issues getting around MAC address filtering as well.

Ah! You say, surely a belt and braces approach must be better, but what's the point of wearing a belt if it cannot not hold anything up? The best you can hope for is to delay the inevitable and you might just trip over it in the meantime!

That's the problem I have against MAC filtering, all the extra admin work you do just to maintain what devices can and cannot go on your network for very little conceivable security benefit. So what's the point, especially for the non techie!

For people who find the 'back to basics' talks useful, I say keep it simple. Don't waste your time with MAC address filtering, just use a good encryption standard and a nice big 'complex' password. Not advertising your network name is also good advice if you are really unsure.

Since no wireless encryption is _totally_ secure not even WPA-2 (I understand), if you do live next door to a _very_ determined hacker, then I recommend very long ethernet cables :-)

Page 1