8/5 Any recommendations for wireless networking setup (card/AP)?
Requirements: robust, work w/FreeBSD & Linux, work with Berkeley
network, reasonably secure, reasonably cheap. Performance
is not a major concern (basically I got sick of wires in the
apartment, and want to replace them with 802.11b).
\_ be careful, it looks like the current encryption scheme (WEP?)
sold in most wireless LAN products today isn't strong enough
to keep your data from curious neighbors. saw an article in sj
mercury news about it yesterday. something on the order of
"anyone with a laptop and wireless pcmcia card can break into
most wireless crypto methods in about an hour"..
\_ so use ssh. duh. -tom
\_ It's Wireless Equivalent Privacy. WEP is not an encryption
scheme. Its purpose is to make it just as hard to tap a
wireless link as it is to tap a cat5 or fiber link. It's
not designed to make the link more secure than standard
ethernet.
Just using wires doesn't make it any more secure. Even
on wired switched ethernet it's possible to read cleartext
passwords using snoop or a catos/ios packet capture prog.
BTW, if it's poorly shielded cat5k cable, you can perform a
wiretap without splicing cables.
If you are worried about security, use strong encryption.
\_ But you can physically secure the cat5 wires as well as the
switches and routers, especially on a home network. Also, since
the switched ethernet is becoming more common it should be
very hard to sniff anything if at all and to get to the
switch/routers you likely need access to the secured area
where they are located within most organizations. With 802.11b
you can sit safe and cozy in your office and sniff as far as
the other guy's laptop across the hall.
\_ So you are using double shielded zero leakage cat5k
cable in your home? Wow! Are you using serial console
only to your networking equipment with the physical
console on an lcd so the FEDs can't read your screen?
\_ The KEYBOARD. You forgot about the KEYBOARD cable.
\_ It is simple to sniff switched wired networks if you
can plug into them. -tom
\_ I thought many of these boxes (in particular Apple Airport,
but probably others) offer access lists based on MAC
address... wouldn't that help with sniffing?
\_ No. MAC based authentication is required for joining
the network and using active attacks. The WEP "attacks"
are all passive.
BTW, for all you cordless phone users, did you know
that with a few hundred dollars worth of ham radio
equipment I could listen to all your calls?
\_ Yea, but I use CDMA cell phones.
\_ Good for you. I guess I can put my parabolic
mic away now.
\_ Are those round transparent things on the
sidelines during an NFL football game parabolic
mics?
\_ Good point! I keep my home network secured by keeping all
of my routers inside locked Faraday cages and covering the
outside of my house with aluminum foil.
\_ WEP fallibility aside, I find the Linksys BEFW11S4 to be a pretty
good box, does wireless, network switch, DSL/Cable connection, the
whole deal, and fully configurable through web browser. I've used
several wireless products, and as an Access point the linksys is
the best I've seen so far. The lucent/(now Agere) wireless cards
are really nice too, and they have linux/BSD as well as windows
drivers. -ERic
\_ Does this mean that if I have e.g. an
ATT Cable modem, this will be enough
hardware to allow multiple machines w/
wireless ethernet cards to access the
Internet?
\_ Yes. You can even get them with 4
port switches. DHCP is supported
out of the box.
\_ I also have one of the linksys PCMCIA cards. Not as nice as
the agere/lucent one, and no option for a range extender antenna,
which is kinda annoying. And yeah, the linksys card sucks
for reception. I find it odd that most of the complaints on
the amazon reviews of the ACCESS POINT were actually complaints
about an entirely different product, the wireless cards. -ERic
\_ Thanks for the info. I am aware of the security issues with WEP,
but imho having an internet-connected computer exposes you to
a comparable (if not greater) risk. I am interested in hands-on
experience people have with different hardware. Linksys box
has mixed reviews on Amazon, and I've seen postings to lists
about protocol conformance issues (might be fixed in recent
releases.) Has anyone tried SMC? NetGear? Lucent is nice,
but it's also more expensive.
\_ I've tried the addtron AP. Works fine without WEP, could
not get its encryption to work with anything else. The
lucent AP is damn nice, but really pricey. I wouldn't
recommend it for home use, unless you have money to burn. -ERic
\_ I have a SMC Barricade wireless access point with the extra 3
ports. The documentation that comes with the product is spotty,
and I had to download new firmware as soon as I got the box. But
it's been fairly trouble-free otherwise. DHCP, PPPoE supported
in-box with (very) limited control over the DHCP.
I have a Mac with an Airport card and a PC with a Lucent WaveLAN
gold on the network. Unfortunately, the Airport only
supports 40-bit WEP, the WaveLAN only supports 64-bit or 128-bit,
and I believe the SMC only supports 64-bit, so I don't run WEP
but rather ssh for all my non-web browsing activity.
\_ I wanted WEP just to keep the idiots from piggybacking on my
net. Running without WEP and trusting ssh to keep your data
secure doesn't help against parasitic denial-of-service when
someone hooks up their computer to do WAREZ through your wireless
link.