Securing 802.11 Transmissions, Part 1 15
dW writes "Write down your most private information, and then throw it out the window. That's what wireless data transfers are doing when they're not secured. The deployment of various wireless LANs and Wi-Fi networks or configurations are under consideration by many organizations, and network security is a major concern. This article discusses problems, tips, and best bets for 802.11x's elusive security."
Simple 3 Step Security (Score:2, Informative)
local network, so that all a surfer can see
is the internal firewall.
1a. have a good firewall setup too
2. Allow only know MACS at AP, deny all others.
3. Use SSH, SFTP, tunnel EVERYTHING else through SSL or the like.
OR
1. Use WEP, leave it wide open.
OR
1. Dont use wireless
-slackergod
Re:Simple 3 Step Security (Score:2)
Get a life. It's 802.11. If anyone tries that at my house, they're on my property, and will get a pummeling.
I need a sign, "Forget the dog, beware of owner (802.11)".
protect and serve (Score:2)
i am just getting a wireless setup. I wanted something like the following:
1. Any traffic from/to a short list of machines is encrypted and has the highest priority
2. Anybody that wants to can piggy back on my connection w/ a low priority. (ie my traffic always comes first
One complication is that i have an "always on" vpn to my corp network. I would like to have my laptop able to access that network wirelessly but obviously, I can't let anybody else use it. I have been thinking I would want to
Re:protect and serve (Score:3, Insightful)
No AP is going to do that for you securely. You can use MAC filtering, perhaps, but that can be subverted.
Use some random AP. Hook it up to a firewall. Use IPSec. From your "secure" IP range, only allow IPSec. Only allow packets to the VPN from the secure IP range.
Yawn.. (Score:4, Insightful)
The problem with these guides is that they all look the same, they all recommend the same course of action, but they provide no details as to how you run security.
For my wireless network I run mac address filtering, have the SSID set to not broadcast (and not accept ANY) and run these behind a firewall that only sends DHCP and only accepts encrypted PPTP traffic. (Not because PPTP is good, but because it's easy to setup in Linux and clients are free for windows). You can debate about DHCP being a good idea or not, but I like being able to take my laptop to other networks and not have to reconfigure.
So obviously I've given some thought to securing the LAN, but I don't think my answer is the best one and it's sure not the only one. What I want out of a "guide to securing 802.11" is some comments from the front line. I want to know what works and what doesn't. If checkpoint secureremote is what everyone uses, then I'd like to hear about it. If everyones using ipsec tunnels in freeswan, or Nortel Contivity stuff then great. Let us know what works and what doesn't.
Re:Yawn.. (Score:2)
cable modem
|
|
linux router ---- wireless LAN
|
|
wired LAN
(that is a linux router sitting between three different networks (three NICs in the router))
On the WAP I'm running max WEP encryption (128 bits). I don't bother to do MAC filtering because MAC could be spoofed *far* more easily than cracking the WEP key. I know that WEP is not a great security pr
Could somebody give a little info on MAC filtering (Score:2)
I could look it up on the web, but I find short, to the point blasts of information from fellow geeks to be infinetly more useful.
Re:Could somebody give a little info on MAC filter (Score:1)
They must crash your compuer, regenerate your MAC
address using a program & change to match your IP.
You may decide to use WEP Encryption afterall.
I heard you groan, WEP Encryption but that slows me
down! It is a question of How important is your
security to you V.S. Speed?
If the hacker dosen't know what that all important WEP
password. Keep the ball in your court and over secure your network.
It's a good idea if you dont know alot about security to
not put anyth