[TriLUG] wireless security

[Dave Sorenson]

"That which is locked by man can be unlocked by man"

No wireless set up is secure. With that out of the way, you can make 
yourself a less tempting target by using the strongest WEP available and 
rotate the key frequently (still can be cracked given enough time) allow 
by hardware MAC address (this can be sniffed and spoofed in no time). 
And finally turn off your SSID broadcast (again, this can be discovered 
by sniffing enough packets).

Others on the list will have more advanced set ups to suggest (Radius 
authentication, AP outside the DMZ etc..) But these basic steps will 
keep most casual wireless snoops out. The folks who want to get in can 
and will eventually be able to get around the basic protections.. If 
it's critical info/data/service I keep wireless completely out of the loop.

I've always used "appliance" type devices, but I also haven't had the 
business need to be paranoid about setting up a server as an AP.

Dave S

Jeremy West wrote:
> Hello friends.
> 
> I just moved in from Utah, and I've heard about this awesome LUG here.  So in 
> the spirit of keeping it awesome.  I have a few questions.  I ask the other 
> one in another thread though.
> 
> Situation:  I'm installing wireless internet access for a building in the NC 
> State campus area.  The owners are concerned about security (obviously).  Now 
> I can do the whole WEP thing, some mac authentication, and NAT'ing magic.  
> But... is there a better way?  I'll working on a limited budget.
> 
> Would it be easier to setup the server as a wireless access point, or use a 
> blackbox (linksys senario)?
> 
> Just some food for thought
> 
> Thanks
> 
> Jeremy West