[TriLUG] wireless security

Jeremy West jkwest at rmci.net
Fri Aug 20 22:12:09 EDT 2004


Please do post your how-to as soon as it is finished.  I'd be interested in it 
anyway, and I do understand not having any time. :)

--Jeremy


On Friday 20 August 2004 12:00 pm, Michael Thompson wrote:

> I agree the 3 NIC setup would be optimal.  If you use an OpenBSD
> firewall, you could use authpf on your wireless network to require that
> users log in with an ssh session before the firewall will open the
> outgoing ports for *that* IP only.  I currently use that setup at home;
> now an attacker would have to crack my OpenBSD box to get out to the
> net.  Even if the WEP is cracked, the wardriver will be trapped in the
> wireless 'DMZ'.  Of course, they can still sniff your wireless traffic,
> so this is still not a replacement for standard wireless security
> policies...
>
> I've been trying to document my setup for a while now, but haven't had
> the time.  I hope to upgrade my OBSD firewall to v3.5 this weekend; if I
> do, I'll try to document as I go and build a small 'how-to' and post to
> the list.
>
> Just $.02  :)
>
> --mike
>
> Andrew Perrin wrote:
> | Welcome! My own thought is that I would use a plain WAP for the wireless
> | itself -- makes life easier to separate that out -- and then an iptables
> | box to route in and out.  If you will also have wired connections to the
> | server, I would recommend using three ethernet cards in the routing box:
> | one to the outside world, one to the WAP, and one to wired clients. That
> | way anything coming in on the wired card can be issued an address, while
> | requests coming in from the WAP can be treated with more suspicion.
> |
> | ap
>
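
The authpf-gated wireless 'DMZ' described in the quoted message, as an added example that is not part of the original thread and is not Michael Thompson's actual configuration. It uses current OpenBSD pf syntax rather than 3.5's, and the interface names em0 and em1 are assumptions.

```conf
# ---- /etc/pf.conf (added example; interface names are assumptions) ----
ext_if  = "em0"    # assumed: NIC facing the outside world
wifi_if = "em1"    # assumed: NIC facing the wireless access point

set skip on lo

# Default deny. Nothing arriving from the wireless segment is forwarded
# unless a later rule (or the authpf anchor) says so.
block all

# NAT and outbound traffic on the external side. A wireless packet only
# gets this far if it was first allowed in on $wifi_if.
match out on $ext_if inet from $wifi_if:network nat-to ($ext_if)
pass out on $ext_if

# An unauthenticated wireless client can reach exactly one thing:
# sshd on the firewall itself, so that it can log in.
pass in on $wifi_if inet proto tcp from $wifi_if:network \
    to ($wifi_if) port ssh

# authpf loads per-user rules under this anchor when a user logs in
# and removes them when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# Loaded once per login; authpf sets $user_ip to the address the ssh
# session came from. Macros from pf.conf are not visible here, so the
# interface is defined again.
wifi_if = "em1"    # assumed, same interface as above

# Open outgoing traffic for the authenticated client's address only.
pass in quick on $wifi_if inet from $user_ip to any
```

For this to take effect, the wireless users' login shell must be /usr/sbin/authpf and /etc/authpf/authpf.conf must exist (it may be empty). A client that cracks WEP but has no ssh credentials still matches only the `block all` and ssh rules.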


