[TriLUG] wireless security
Jeremy West
jkwest at rmci.net
Fri Aug 20 22:12:09 EDT 2004
Please do post your how-to as soon as it is finished. I'd be interested in it
anyways, and I do understand on not having any time. :)
--Jeremy
On Friday 20 August 2004 12:00 pm, Michael Thompson wrote:
> I agree the 3 NIC setup would be optimal. If you use an OpenBSD
> firewall, you could use authpf on your wireless network to require that
> users log in with an ssh session before the firewall will open the
> outgoing ports for *that* IP only. I currently use that setup at home;
> now an attacker would have to crack my OpenBSD box to get out to the
> net. Even if the WEP is cracked, the wardriver will be trapped in the
> wireless 'DMZ'. Of course, they can still sniff your wireless traffic,
> so this is still not a replacement for standard wireless security
> policies...
>
> I've been trying to document my setup for a while now, but haven't had
> the time. I hope to upgrade my OBSD firewall to v3.5 this weekend. If I
> do, I'll try to document as I go and build a small 'how-to' and post to
> the list.
>
> Just $.02 :)
>
> --mike
>
> Andrew Perrin wrote:
> | Welcome! My own thought is that I would use a plain WAP for the wireless
> | itself -- makes life easier to separate that out -- and then an iptables
> | box to route in and out. If you will also have wired connections to the
> | server, I would recommend using three ethernet cards in the routing box:
> | one to the outside world, one to the WAP, and one to wired clients. That
> | way anything coming in on the wired card can be issued an address, while
> | requests coming in from the WAP can be treated with more suspicion.
> |
> | ap
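
The authpf arrangement described in the quoted message, combined with the three-NIC layout, as an added example that is not part of the original thread or any poster's own configuration. It uses current OpenBSD pf syntax rather than that of the 3.5 release mentioned above; the interface names and addresses are constructed assumptions.

```conf
# ---- /etc/pf.conf (fragment) ----
# Assumed interface names; substitute your own.
ext_if   = "em0"            # outside world
wired_if = "em1"            # trusted wired clients
wifi_if  = "em2"            # access point segment, treated as hostile
fw_wifi  = "192.168.50.1"   # constructed: firewall address on the wireless side

set skip on lo
block all                   # default deny on every interface

# NAT both inside networks out through the external interface.
match out on $ext_if inet from { $wired_if:network $wifi_if:network } nat-to ($ext_if)

# Wired clients are trusted and may go out directly.
pass in on $wired_if from $wired_if:network
pass out on $ext_if

# Wireless clients may reach only sshd on the firewall until they log in.
pass in on $wifi_if inet proto tcp from $wifi_if:network to $fw_wifi port ssh

# authpf loads per-session rules under this anchor at login and removes
# them when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# authpf defines $user_ip (address the ssh login came from) and $user_id.
# Only that one address is let through; everything else on the wireless
# segment still hits "block all" above.
wifi_if = "em2"
pass in quick on $wifi_if inet from $user_ip to any

# ---- Other requirements ----
# /etc/authpf/authpf.conf must exist (it may be empty) or authpf exits.
# Each wireless user's login shell is /usr/sbin/authpf, so the ssh login
# opens the firewall without granting a shell on the box.
```

Supporting services on the wireless segment, such as DHCP or DNS, need their own pass rules and are not shown. As the quoted message notes, this confines an unauthenticated client to the wireless segment but does nothing against sniffing of the wireless traffic itself.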