[TriLUG] wireless security
Dave Sorenson
dave at logicalgeek.com
Fri Aug 20 11:25:44 EDT 2004
"That which is locked by man can be unlocked by man"
No wireless set up is secure. With that out of the way, you can make
yourself a less tempting target by using the strongest WEP available and
rotate the key frequently (still can be cracked given enough time) allow
by hardware MAC address (this can be sniffed and spoofed in no time).
And finally turn off your SSID broadcast (again, this can be discovered
by sniffing enough packets).
Others on the list will have more advanced set ups to suggest (Radius
authentication, AP outside the DMZ etc..) But these basic steps will
keep most casual wireless snoops out. The folks who want to get in can
and will eventually be able to get around the basic protections.. If
it's critical info/data/service I keep wireless completely out of the loop.
I've always used "appliance" type devices, but I also haven't had the
business need to be paranoid about setting up a server as an AP.
Dave S
Jeremy West wrote:
> Hello friends.
>
> I just moved in from Utah, and I've heard about this awesome LUG here. So in
> the spirit of keeping it awesome. I have a few questions. I ask the other
> one in another thread though.
>
> Situation: I'm installing wireless internet access for a building in the NC
> State campus area. The owners are concerned about security (obviously). Now
> I can do the whole WEP thing, some mac authentication, and NAT'ing magic.
> But... is there a better way? I'll working on a limited budget.
>
> Would it be easier to setup the server as a wireless access point, or use a
> blackbox (linksys senario)?
>
> Just some food for thought
>
> Thanks
>
> Jeremy West
More information about the TriLUG
mailing list