[MLB-WIRELESS] wireless security?

KevinL darius at obsidian.com.au
Thu Jul 4 19:14:59 EST 2002


I'd suggest first of all that you _should_ worry about who sees what -
anyone that sniffs a password for you can pass themselves off as you -
think posting kiddie porn in your name, through your network.  Rule of
thumb is you're not just protecting your data, you're protecting your
online identity.

Aside from that, VPN'ing will ensure that certain classes of attack
aren't possible - particularly, people stealing your IP or pretending to
be your gateway (see the recent zdnet article on ways to break into a
wireless network).  Some form of vpn'ing will ensure that when you
connect to your gateway, you know it's your gateway and not a fake
access point run by the bad guy next door ;)

Ok, after that healthy dose of paranoia...  It's going to depend on what
your operating system provides as to what you're able to do.  If you're
using linux, you should be able to lock IPs to MAC addresses, and only
allow certain MAC/IPs through your firewall.  If you're on windows, I
can't comment :(

I'll note I'm mid-way through setting up a roll-your-own ad-hoc access
point atm with freeswan rolled into the mix - I'll post my discoveries
as I work it out, if people are interested.  So far, freeswan is proving
to be a pain in the proverbial.

KJL

On Thu, 2002-07-04 at 18:45, Andrew Dean wrote:
> Ok, i've had a think about this a few times and asked around no one seems
> sure...
> 
> Whats the best way to secure my wireless link? alot of people are talking
> about VPN'ing and IPsec etc.. etc.. but thats mainly to protect sniffing of
> that date right? as like most people who will be setting up links
> in/with/for MW i don't really care if people are sniffing my traffic...
> nothing sensitive being sent, what i do care about is people connecting to
> my AP (at the moment its a real netcomm 2mbit AP, but will be changing it
> over to a old laptop with entrasys card ) and accessing things on the
> network, I guess i want to control who has access to it? If someone asks for
> access in the area, thats fine i'm more than happy to give them access, but
> i want to know who is on it etc... i guess the best way would be to limit
> access by MAC address? is this possible? any other suggestions...
> 
> ....
> 
> 
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
> 



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list