Re: {SPAM?} Re: [SLUG] Linux and 802.11g cards

From: Andrew M. Hoerter (amh@POBOX.COM)
Date: Wed Mar 31 2004 - 09:58:33 EST


On Tue, 30 Mar 2004, Kat wrote:

> time. Back to the point of discussion- security. After
> reading several articles about this subject, it seems
> that my only real option if I am paranoid (which I'm
> not, really) or if I access hot spots (which I don't)
> would be a VPN -

Well, if you count ssh or stunnel forwarding as a VPN, it needn't be
anywhere near as complicated as setting up IPsec.

I have a wireless net at home, and here's what I do:

a) Turn off SSID broadcasting
b) Enable WEP
c) Enable MAC address filtering (only permitted MAC addresses can
   associate)
d) Use SSH to access resources on the wired network

And, my wireless AP directly connects to a separate interface on the
firewall, so that I can easily create a different policy for that network.

The first three security measures above simply raise the bar a little for
a successful attack; d) is what I depend on for true security. Anything
sensitive gets forwarded over an SSH link. No complex setup required.

Perhaps a "real" VPN (something like IPsec) would make more sense for a
permanent wireless bridge between two wired networks, or something like
that, but for home use there's no need to bother.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
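
The setup described in the message (AP on its own firewall interface, SSH as the only path to the wired network) sketched as an added example; it is not the poster's configuration. It assumes an iptables firewall, and the interface name, subnets and host names are constructed values.

```shell
#!/bin/sh
# Added example (not from the post). Assumed values: the AP hangs off eth2,
# wireless clients live in 192.168.50.0/24, and 192.168.1.10 is the wired
# host that accepts SSH. Both functions only print; nothing is applied.

# Print FORWARD rules for the AP-facing interface: new connections from the
# wireless subnet may reach only tcp/22 on the SSH host; the rest is logged
# and dropped. Traffic to the firewall itself (INPUT) is out of scope here.
wifi_policy() {  # args: wifi_interface wifi_subnet ssh_host
    case $1 in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $1" >&2; return 1;; esac
    case $2 in ''|*[!0-9./]*) echo "bad subnet: $2" >&2; return 1;; esac
    case $3 in ''|*[!0-9.]*) echo "bad host: $3" >&2; return 1;; esac
    cat <<EOF
iptables -N WIFI
iptables -A FORWARD -i $1 -j WIFI
iptables -A FORWARD -o $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $1 -j DROP
iptables -A WIFI -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A WIFI -s $2 -d $3 -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A WIFI -j LOG --log-prefix "wifi-drop: "
iptables -A WIFI -j DROP
EOF
}

# Print the client-side command for step d): bind a loopback port on the
# laptop and carry it inside SSH to a service on the wired network.
forward_cmd() {  # args: local_port target_host target_port user@ssh_host
    for p in "$1" "$3"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
    done
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

wifi_policy eth2 192.168.50.0/24 192.168.1.10
forward_cmd 8080 intranet.example 80 user@192.168.1.10
```

The printed rules are appended to FORWARD, so any broader ACCEPT rule already earlier in that chain would still match first.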



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:50:01 EDT