Lax security led to TJX breach A wireless network that employed less protection than many people use on their home systems appears to be the weak link that led TJX Companies, the US-based retailing empire, to preside over the world's biggest known theft of credit-card numbers. Despite a market capitalization of almost $13bn, it appears the company couldn't …
Frankly, if this doesn't put TJX out of business, there is no justice whatsoever in the world. In my professional opinion (I'm in I.T. on the day job, and I own and operate an Internet hosting firm the other 24 hours/day :-| ), this sort of complete and utter disregard for the security of customer information is criminal; TJX might just as well havge called up the Russian Mafia and *asked* them to come steal customer identities.
Of course, the employees who set up the network for TJX might not have been well-trained, nor even told what the network was to be used for. When you hire people at Minimum Wage, you're unlikely to get the best-qualified people available - and the installation wasn't something that could be outsourced to qualified-but-cheap offshore firms, was it?
Three things you do before you even plug your ethernet into the access point (or, for those that take the easier road, immediately after): 1) set up WPA/WPA2, 2) enable MAC filtering to "permit" mode so you explicitly allow only certain addresses, and 3) disable SSID broadcast. While MAC filtering and SSID broadcast disabling won't stop people who are determined to hack into your network, they will stop the casual wardrivers and the people who hop from network to network (many of them blissfully unaware they're doing it).
On a plus note, at my previous address and my new address, I'd say about 80-85% of the wireless networks have been "secured", and of those, 75-90% were secured with WPA/WPA2.
So let's get this right Chris. You are saying that after installing WPA/WPA2 you need to set up MAC filtering and disable SSID broadcasting to "stop the casual wardrivers"?
Why bother to use WPA/WPA2 if casual wardrivers walk through it but can be stopped with MAC filtering and not broadcasting the SSID?
You really should hot the Preview button before the Post button.
WPA and WPA2 should stop anyone from getting access (assuming you've used a decent random key)
Disabling SSID broadcast and enabling MAC address filtering does exactly what Chris states. It hides the network from casual passers by and even though anyone determined can still easily find it it's still good advice. Same as you don't leave valuables on show in your car, you don't leave your network advertising it's presence.
You should really try -thinking- before you post here Steve.
A casual passer by is so little threat to the security of a WPA protected n/w that it is irrelevant, anyone that is serious about getting onto the n/w and is a threat will have the appropriate tools - or just break into the place.
All hiding the SSID does is stop other people setting up wireless systems nearby seeing yours and thus stopping them changing channels to avoid clashing
I wish the government would introduce one-time-use-only SSN numbers so I could generate a unique SSN for each company that asks me for it. That way if the company loses my information and doesn't fess up to it and then someone fraudulently uses my id, I can then squarely point my finger at them.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
