9/12 I asked this further down in the motd, but I'm really at a loss:
how do you secure your 802.11b WAP? Seems like MAC address limiting
isn't that effective, because people can just sniff a working MAC
address. Also, WEP doesn't seem very good either. Is it impossible
to effectively secure one's WEP without doing something like IPSEC
or installing your own firewall?
\- so some smart people say it isn't enough to do end2end sec
with insecure wireless. i am not quite sure what the threat
is. it may be something along the lines of DoS the hub you think
you are talking to, then masquerade as it [and dump traffic
to break session keys offline] ... but this seems to be pretty
high effort. anyone have an answer to "what is wrong doing ssh
over so-so security wireless" --psb
\_ The WAP itself is still open to outsiders using your line.
\_ My answer at home is simply put the wireless outside my firewall
and treat machines on that net as foreign/hostile/untrusted to my
internal hosts. Short of VPN/IPSEC, etc., I haven't found a secure
way I'd trust to put the wireless AP inside my firewall. Please
post if you or anyone else finds a non-VPN/IPSEC solution.
\_ I think WEP should be fine.
\_ Yes, I agree. And changing it every so often augments the
effectiveness. There's no such thing as perfect security. You
just have to make it reasonably strong to make yourself a less
attractive target and accept the tradeoffs. If you think your
MAC has been spoofed, will you still be able to get on the
network if someone else is using your MAC? If not, you know
you've been compromised, so you know it's time to change your WEP
key. And yes, put up a firewall on each of your boxes connecting
to the WAP if you don't have a dedicated firewall behind it.