Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Wireless Networking Hardware

Securing 802.11 Transmissions, Part 1 15

dW writes "Write down your most private information, and then throw it out the window. That's what wireless data transfers are doing when they're not secured. The deployment of various wireless LANs and Wi-Fi networks or configurations are under consideration by many organizations, and network security is a major concern. This article discusses problems, tips, and best bets for 802.11x's elusive security."
This discussion has been archived. No new comments can be posted.

Securing 802.11 Transmissions, Part 1

Comments Filter:
  • 1.Isolate the access point (AP) only it's own
    local network, so that all a surfer can see
    is the internal firewall.

    1a. have a good firewall setup too :)

    2. Allow only know MACS at AP, deny all others.

    3. Use SSH, SFTP, tunnel EVERYTHING else through SSL or the like.

    OR
    1. Use WEP, leave it wide open.

    OR
    1. Dont use wireless


    -slackergod
    • OR. 1. Get a life. Please XP is a PITA enough just trying to remember the key itself. You REALLY think I'm going to go through all that garbage so someone can't spy on my slashdot profile?

      Get a life. It's 802.11. If anyone tries that at my house, they're on my property, and will get a pummeling.

      I need a sign, "Forget the dog, beware of owner (802.11)".

  • hey all,
    i am just getting a wireless setup. I wanted something like the following:
    1. Any traffic from/to a short list of machines is encrypted and has the highest priority
    2. Anybody that wants to can piggy back on my connection w/ a low priority. (ie my traffic always comes first

    One complication is that i have an "always on" vpn to my corp network. I would like to have my laptop able to access that network wirelessly but obviously, I can't let anybody else use it. I have been thinking I would want to
    • by Piquan ( 49943 )

      No AP is going to do that for you securely. You can use MAC filtering, perhaps, but that can be subverted.

      Use some random AP. Hook it up to a firewall. Use IPSec. From your "secure" IP range, only allow IPSec. Only allow packets to the VPN from the secure IP range.

  • Yawn.. (Score:4, Insightful)

    by whois ( 27479 ) on Tuesday April 22, 2003 @04:50PM (#5784724) Homepage
    So I read this article thinking "Hey, someone wrote a guide on securing 802.11" completely forgetting that I'd seen one of those before.

    The problem with these guides is that they all look the same, they all recommend the same course of action, but they provide no details as to how you run security.

    For my wireless network I run mac address filtering, have the SSID set to not broadcast (and not accept ANY) and run these behind a firewall that only sends DHCP and only accepts encrypted PPTP traffic. (Not because PPTP is good, but because it's easy to setup in Linux and clients are free for windows). You can debate about DHCP being a good idea or not, but I like being able to take my laptop to other networks and not have to reconfigure.

    So obviously I've given some thought to securing the LAN, but I don't think my answer is the best one and it's sure not the only one. What I want out of a "guide to securing 802.11" is some comments from the front line. I want to know what works and what doesn't. If checkpoint secureremote is what everyone uses, then I'd like to hear about it. If everyones using ipsec tunnels in freeswan, or Nortel Contivity stuff then great. Let us know what works and what doesn't.

    • Well, ok... here is what I do/what my home network looks like... admittedly its very similar to what you describe:

      cable modem
      |
      |
      linux router ---- wireless LAN
      |
      |
      wired LAN

      (that is a linux router sitting between three different networks (three NICs in the router))

      On the WAP I'm running max WEP encryption (128 bits). I don't bother to do MAC filtering because MAC could be spoofed *far* more easily than cracking the WEP key. I know that WEP is not a great security pr
  • How easy is it to set-up and how easy is it to spoof?

    I could look it up on the web, but I find short, to the point blasts of information from fellow geeks to be infinetly more useful.
    • How Do They Spoof You Ask?

      They must crash your compuer, regenerate your MAC

      address using a program & change to match your IP.

      You may decide to use WEP Encryption afterall.
      I heard you groan, WEP Encryption but that slows me
      down! It is a question of How important is your
      security to you V.S. Speed?

      If the hacker dosen't know what that all important WEP
      password. Keep the ball in your court and over secure your network.
      It's a good idea if you dont know alot about security to
      not put anyth

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...