Jeff Duntemanns Drive-By Wi-Fi Guide

Overview

How secure can you make a Wi-Fi network? Well, consider Benjamin Franklin's Parable of the Speckled Axe:

A boy found an axe in the woods, lying in the dirt. Its edge was still sharp and true, but the iron head was heavily pitted with rust. The boy took the axe to his father and asked his father to grind it bright and new-looking again.

'I'll do the grinding,' said his father, 'if you turn the stone.'

So they went out to the shed, and while the boy pumped the grindstone's treadle, his father held the axe head hard against the stone, and began to grind away the pits of rust. After a few minutes the boy's father paused, held the axe up for his son to see, and asked him if it was done. There was much bright metal now, but the pits amidst the brightness could still be seen. The boy shook his head and asked his father to continue.

So it went for most of an hour, with the boy breaking a sweat turning the stone, and the sparks flying steadily from the axehead. After an hour or so, the boy signaled for his father to stop. The axe looked much better, though the deepest pits were still visible.

'Father, on thinking it over just now, I believe I like a speckled axe best.'

Network security, be it wireless or wired, is a speckled axe. No matter how hard you work at security, a network cannot be made completely secure. A totally secure network should be theoretically possible, but because of the human factor (i.e., the fact that humans often act like idiots) technology alone isn't enough. Anyone who has managed a department in a mid-sized company or taught third grade (similar challenges in a lot of respects) will immediately understand the human factor.

Technology, by comparison, is a snap.

So let that be one of your fundamental assumptions as you consider the whole issue of network security: There are no secure networks. The best you can do is minimize your chances of taking a hit. The good news is that this is easier than people in the press have made it sound. Wi-Fi security has gotten some very bad press from otherwise good writers who simply don't understand either Wi-Fi or security, and prefer a provocative story to a thoughtful, well-researched one.

In this first short chapter I hope to give you some guidance on how to think about computer security generally, so you can evaluate your own position intelligently. The gist of the process is balancing trust and risk, which can't really happen until you understand both.

Категории