[TriLUG] wireless security

Jeremy West jkwest at rmci.net
Sat Aug 21 00:58:51 EDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I feel the same way about this wireless issue.  Those that want to get in will 
eventually get in.  Mostly I'm just trying to setup some security as a 
deterrent against amatures.  Some type of encryption will have to be 
necessary for sensitive data.  The WAP and RADIUS information is worth the 
read, even if I don't use it.


On Friday 20 August 2004 11:25 am, Dave Sorenson wrote:
> "That which is locked by man can be unlocked by man"
>
> No wireless set up is secure. With that out of the way, you can make
> yourself a less tempting target by using the strongest WEP available and
> rotate the key frequently (still can be cracked given enough time) allow
> by hardware MAC address (this can be sniffed and spoofed in no time).
> And finally turn off your SSID broadcast (again, this can be discovered
> by sniffing enough packets).
>
> Others on the list will have more advanced set ups to suggest (Radius
> authentication, AP outside the DMZ etc..) But these basic steps will
> keep most casual wireless snoops out. The folks who want to get in can
> and will eventually be able to get around the basic protections.. If
> it's critical info/data/service I keep wireless completely out of the loop.
>
> I've always used "appliance" type devices, but I also haven't had the
> business need to be paranoid about setting up a server as an AP.
>
> Dave S
>
> Jeremy West wrote:
> > Hello friends.
> >
> > I just moved in from Utah, and I've heard about this awesome LUG here. 
> > So in the spirit of keeping it awesome.  I have a few questions.  I ask
> > the other one in another thread though.
> >
> > Situation:  I'm installing wireless internet access for a building in the
> > NC State campus area.  The owners are concerned about security
> > (obviously).  Now I can do the whole WEP thing, some mac authentication,
> > and NAT'ing magic. But... is there a better way?  I'll working on a
> > limited budget.
> >
> > Would it be easier to setup the server as a wireless access point, or use
> > a blackbox (linksys senario)?
> >
> > Just some food for thought
> >
> > Thanks
> >
> > Jeremy West

- -- 
//---------------------------
"I had a life once... now I have a computer and DSL"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBJtaNgZTWPj0VdaQRAqM7AJ9TRlpxTuxPoQnISN+h2VgDzWxh/gCghNtV
8xmO5lXBBIpa10Te83sjawM=
=BIJ0
-----END PGP SIGNATURE-----

More information about the TriLUG mailing list