[TriLUG] wireless security
Greg Brown
gregbrown at mindspring.com
Fri Aug 20 13:50:20 EDT 2004
WEP is too easily broken.
If you are setting up a public-use wireless network I would suggest you
take a look at using a VPN router behind the access point. The VPN
router will force authentication for each user and encrypt the traffic
as an added bonus. OpenBSD could play this part as well.
If you are setting up a point-to-point wireless link between two
buildings I'd suggest placing an OpenBSD box on either end of the link
and running ipsec across the link. Of if you're not going to set up
this link within, say, the next month or so I can provide you with a
turn-key encryptor box for just type of thing. I'm still testing it,
so it won't be ready for prime-time for a bit.
Greg
On Friday, Aug 20, 2004, at 12:27 US/Eastern, Jos Purvis wrote:
> Several good solutions have been proposed. One thing you might explore
> is the use of WPA with Pre-Shared Key (WPA-PSK), which seems to offer,
> from the papers I've seen, greater security than WEP without being too
> onerous. From there, you can expand into things like tying the backend
> to a RADIUS server for authentication (users enter their login ID &
> password to authenticate to the network--or this can be single-sign-on
> in some cases), or even exploring the use of digital certificates.
>
> There are some good papers released recently (Google is your friend)
> that detail setting all of that up with open-source tools like
> FreeRADIUS and OpenCA. Good luck, and let us know how it works out!
> (*k0F*TriLUG presentation*k0F*)
>
> --Jos
>
> --
> / Jos Purvis (purvis at melete.org) || Yet Another Security Geek \
> +----------------------------------------------------------------+
> | I just can't haiku / I can never remember / how many...MY EYE! |
> | -- Mike Sphar, demonstrating his poetic abilities in SDM |
> --
> TriLUG mailing list :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>
More information about the TriLUG
mailing list