But that is part of the problem. If I configure a wireless AP and lock it down using the best methods available today who is to say that those methods will still be secure next year. WEP was thought to be secure (only by those who invented it), MD5 hashes were thought to be secure. WPA (not WPA2) was thought to be secure and WPA has taken the first step to being broken. Time has proven that nothing will remain secure long term. So you lock the AP down today, but next month might see a vulnerability in it and who is going to fix it? The home owner? Doubtful. Are you going to call every client who has a vulnerable AP and tell them you need to come on site to fix something? Are you going to charge the client? Will you walk the home owner through it so they can fix it themselves?
Personally I go for the minimalist solution available. If I don't need it I don't spec it. This approach works for me but of course your mileage may vary.
Jason
toggle quoted message
Show quoted text
--- On Fri, 1/23/09, Matt <mjrtoo@...> wrote:
From: Matt <mjrtoo@...>
Subject: [Crestron] Re: A wireless router for every rack...?
To: Crestron@...
Date: Friday, January 23, 2009, 4:31 PM
I agree, there's a lot of talk about 'poorly
configured' and 'rouge
routers'. IMHO that shouldn't even be part of the
discussion,
because if we put them in, they should be properly
configured AND not
rouge.
You know, I can see some bored CS or EE students
screwing with a
classroom
system just for kicks, that is how we learn ;) But,
in the real
world who
has the time and resources, inclination and product
knowledge to do
this
sort of hacking on a system where there is not the
slightest profit
in doing
so. Why not spend their time trying to hack into
Obama's
Crackberry if they
want some fun? WRT to drapes and other motorized
devices, your
program or
your hardware should make such jammage impossible,
because it is
much more
likely that a user (most are dangerous) will damage
something. I
know, you
were just trying to provide an illustrative example.
I guess if I
was
worried about it I would be more concerned about
someone
initializing the
processor and wiping out the program. But, unless you
are familiar
with
control systems it would take quite a bit of fishing
to figure out
how to do
it. My old linksys with talisman firmware never
forgets who it is,
and I
can turn down the transmit power so the signal is
unavailable at
the street.
If you think through the application and select the
proper
component and
settings, as with any portion of the system, it will
most likely do
what you
intended without causing trouble. After all, knowing
how to do all
that is
why we get the big bucks.
JM$.02
Kol
_____
From: Crestron@...
[mailto:Crestron@...] On
Behalf
Of Jason Dravet
Sent: Friday, January 23, 2009 12:34 PM
To: Crestron@...
Subject: Re: [Crestron] A wireless router for every
rack...?
--- On Wed, 1/21/09, uscurtin <jcurtin@usc.
<mailto:jcurtin%
40usc.edu> edu>
wrote:
The setup:
So my boss has recently decided that a wireless
router
should be put
in place into every rack we install from now on
(or build,
if multiple
racks exist in a single build) so that a tech can
hook up
to the rack
wirelessly whenever they need to service the
rack. This
mandate
extends for all racks, regardless of whether or
not
wireless products
exist in the build (since the router is primarily
for
service).
I have more than several reservations against
this notion,
but rather
than share them immediately, I was wondering what
the rest
of you
thought of this concept. I'm interested in
all sides
of the argument,
so please post whatever thoughts you have on this
idea.
-Justin
Personally I don't like wireless. Most are not
secure (and I am not
just
talking about WEP/WPA. A friend just purchased a
Wireless AP and
installed
it. The router was a NetGear wpn842 I think. It worked
great after I
installed it. When I install equipment I always check
for updated
firmware.
It is a good thing to as router would lose its
settings after a
power
failure without this update. Two weeks later his house
lost power
and all of
the settings were erased. That router was returned and
another
purchased
from a different vendor. But this illustrates APs have
to be
maintained
whereas popular belief is set it up and forgot about
it.
For installs I do for business I usually spec Cisco as
people know
Cisco.
But having extra functions just because is not a good
thing. Even
if the AP
is strictly for Crestron and not connected to the home
or internet
it is a
way in. If someone were to hack into the network via a
AP that the
customer
didn't spec or know about who knows what trouble
the hacker could
get into.
You might be responsible for any damage that occurred.
Say the
hacker
figures out how to open and close the curtains.
Depending on the
motor he
could overheat it (open/close repeatedly, or figure
out how to jam
up the
motor) and cause a fire. Even if in the equipment
specs you say you
are
installing a AP and the customer signs off you might
be responsible
as the
customer really doesn't know what he is signing
for and the AP has
no
legitimate function.
Of course always check with a lawyer.
Jason
------------------------------------
Check out the Files area for useful modules, documents, and
drivers.
A contact list of Crestron dealers and programmers can be
found in the Database area.
Yahoo!
Groups Links
