| Author |
Message |
/dev/null
Guest
|
Posted:
Thu Jan 13, 2005 12:39 pm Post subject:
securing wireless |
|
|
We are putting three windows computers on a wireless network. We already
have a wired network in place that is largely maintained by linux routers
and servers. Our primary concern is the security. We don't want anyone
using our wireless network to gain access to our wired network and we want
all communications across the wireless network to be secured. From what
we've seen, enough sniffing on even a WAP secured wireless net and the
security can be cracked.
Our current plan is to CAT5 a linux system with poptop to the wireless hub
and have the windows computers use m$ pptp to securely create vpn
connections into poptop. The wireless network address range would not be
allowed to route (the rest of the network is on the "other" side of the
linux poptop server). Each of the windows systems would have their
firewalls tightened down to only allow the pptp traffic to and from the
poptop server, all other traffic on the wireless network would be blocked.
The same goes for the poptop server. Thus the only network that would offer
access to the windows systems would be the vpn net riding on the pptp.
I did a quick google and came up with this link where it has already been
done: http://www.schumann.cx/wavelan/
I'm just wondering if you guys (who have much more experience than I) have
done anything similar and if so what your experience and recommendations
are.
Thanks! |
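The gateway firewall this plan describes, as an added example that is not part of the original post: a script that emits an `iptables-restore` ruleset for the poptop box and audits it for stray ACCEPT rules on the wireless side. PPTP needs TCP port 1723 (control) and GRE, IP protocol 47 (data); the interface names and addresses are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread):
WLAN_IF="${WLAN_IF:-eth1}"               # NIC cabled to the wireless hub
LAN_IF="${LAN_IF:-eth0}"                 # NIC facing the wired network
WLAN_NET="${WLAN_NET:-192.168.50.0/24}"  # wireless range (constructed)
GW_IP="${GW_IP:-192.168.50.1}"           # poptop address on the wireless side

# Print the ruleset; load it as root with: gen_rules | iptables-restore
# (add --test to parse it without committing).
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
# Wireless side: PPTP control channel and GRE tunnel only
-A INPUT -i $WLAN_IF -s $WLAN_NET -d $GW_IP -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $WLAN_IF -s $WLAN_NET -d $GW_IP -p gre -j ACCEPT
-A INPUT -i $WLAN_IF -j LOG --log-prefix "wlan-drop: "
-A INPUT -i $WLAN_IF -j DROP
-A OUTPUT -o $WLAN_IF -p tcp --sport 1723 -j ACCEPT
-A OUTPUT -o $WLAN_IF -p gre -j ACCEPT
-A OUTPUT -o $WLAN_IF -j DROP
# The raw wireless range never routes; only authenticated ppp tunnels do
-A FORWARD -i $WLAN_IF -j DROP
-A FORWARD -i ppp+ -o $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset on stdin: print every rule that ACCEPTs traffic arriving
# on the wireless NIC and is not PPTP control or GRE. No output = sealed.
audit_wlan() {
    grep -E -e "^-A (INPUT|FORWARD) .*-i $WLAN_IF .*-j ACCEPT" |
        grep -Ev -e '-p tcp .*--dport 1723 ' -e '-p gre ' || true
}

gen_rules
```

Running the same audit over the output of `iptables-save` on the live gateway shows whether a later change has opened the wireless segment.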
|
Coenraad Loubser
Guest
|
Posted:
Thu Jan 13, 2005 12:57 pm Post subject:
Re: securing wireless |
|
|
I've considered doing a similar thing, but APs supporting 152-bit WEP with
TKIP and 802.1x Security seem like so much less trouble.
Aren't they virtually uncrackable?
I know 64bit WEP is a joke. |
|
Fidelio
Guest
|
Posted:
Thu Jan 13, 2005 5:07 pm Post subject:
Re: securing wireless |
|
|
The approach I took is similar... instead of PPTP I did IPsec, but anyway the
concept is the same. I use ASL (www.astaro.com) to be the Linux IPsec (or PPTP
or L2TP) server.
Regards,
Fidelio
"/dev/null" <dev.null@BeginThread.com> wrote in message
news:FApFd.3845$P04.520@attbi_s03...
| Quote: | We are putting three windows computers on a wireless network. We already
have a wired network in place that is largely maintained by linux routers
and servers. Our primary concern is the security. We don't want anyone
using our wireless network to gain access to our wired network and we want
all communications across the wireless network to be secured. From what
we've seen, enough sniffing on even a WAP secured wireless net and the
security can be cracked.
Our current plan is to CAT5 a linux system with poptop to the wireless hub
and have the windows computers use m$ pptp to securely create vpn
connections into poptop. The wireless network address range would not be
allowed to route (the rest of the network is on the "other" side of the
linux poptop server). Each of the windows systems would have their
firewalls tightened down to only allow the pptp traffic to and from the
poptop server, all other traffic on the wireless network would be blocked.
The same goes for the poptop server. Thus the only network that would offer
access to the windows systems would be the vpn net riding on the pptp.
I did a quick google and came up with this link where it has already been
done: http://www.schumann.cx/wavelan/
I'm just wondering if you guys (who have much more experience than I) have
done anything similar and if so what your experience and recommendations
are.
Thanks!
|
|
|
mhicaoidh
Guest
|
Posted:
Thu Jan 13, 2005 10:15 pm Post subject:
Re: securing wireless |
|
|
Taking a moment's reflection, /dev/null mused:
|
| From what we've seen, enough sniffing on even a WAP secured wireless net
| and the security can be cracked.
You may be mixing up your terms. WAP stands for Wireless Access Point,
and is the physical hardware that wireless clients connect to. This can be
secured with WEP or WPA encryption methods. WEP is the weaker of the two,
and with enough packets sniffed can be cracked easily. WPA, however, fixes
this vulnerability and is infinitely more secure. WPA is, technically,
still vulnerable to dictionary based attacks (where someone attempts to
guess the passphrase), but a long and nonsensical passphrase will generally
protect from these attacks. In other words, don't use "pencil" as your
passphrase. ;-) |
|
/dev/null
Guest
|
Posted:
Thu Jan 13, 2005 10:41 pm Post subject:
Re: securing wireless |
|
|
"mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailŠPäM.com> wrote in message
news:51yFd.4284$OF5.1420@attbi_s52...
| Quote: | Taking a moment's reflection, /dev/null mused:
|
| From what we've seen, enough sniffing on even a WAP secured wireless net
| and the security can be cracked.
You may be mixing up your terms. WAP stands for Wireless Access Point,
and is the physical hardware that wireless clients connect to. This can be
secured with WEP or WPA encryption methods.
|
Sorry, 'WAP' was a typo, I mean WPA. Thanks for catching that. |
|
James Knott
Guest
|
Posted:
Sat Jan 15, 2005 4:47 am Post subject:
Re: securing wireless |
|
|
/dev/null wrote:
| Quote: | I'm just wondering if you guys (which have much more experience than I)
have done anything similar and if so what your experience and
recommendations are.
|
I have my wireless network connected to my firewall system, on its own NIC,
so that it's outside of my firewall. The only way in is to use ssh or
vpn. I also use WEP for an added layer of protection. |
|
Jose Maria Lopez Hernande
Guest
|
Posted:
Sun Jan 16, 2005 11:30 pm Post subject:
Re: securing wireless |
|
|
mhicaoidh wrote:
| Quote: | You may be mixing up your terms. WAP stands for Wireless Access Point,
and is the physical hardware that wireless clients connect to. This can be
secured with WEP or WPA encryption methods. WEP is the weaker of the two,
and with enough packets sniffed can be cracked easily. WPA, however, fixes
this vulnerability and is infinitely more secure. WPA is, technically,
still vulnerable to dictionary based attacks (where someone attempts to
guess the passphrase), but a long and nonsensical passphrase will generally
protect from these attacks. In other words, don't use "pencil" as your
passphrase. ;-)
|
For a second layer of security you can use a TLS tunnel with a
Freeradius server to authenticate Windows XP supplicants or
Xsupplicant daemons on Linux.
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road" |
|