[GLLUG] Wireless Protocols

Melson, Paul PMelson@sequoianet.com
Tue, 10 Sep 2002 19:37:20 -0400 

I have three recommendations, none of which are all that horrible to
implement.

1. Disable SSID broadcast.  This will reduce most of the Pringle-can
wardrivers from finding your network.  It's possible to launch a
brute-force SSID attack to try and discover the SSID if you know the
network exists, but that's a targeted attack.  Why advertise a private
network?

2. Enable MAC address filtering.  Know the devices you want to connect,
and only allow those devices to connect.  Even cheap $60 cards will let
an attacker spoof the MAC address of their card, so this isn't a
solution, but it's another hurdle, and since most cheap access points
(my $110 Linksys included) support it, it's worth doing.

3. Don't trust it.  Put your AP on a separate network and use a firewall
or something similar to segment it from the internal network.  If you
want complete access to the internal network, think about using a VPN
connection.  Using 3DES or AES VPN tunnels means you don't have to
bother with WEP.  WEP is crackable, but most VPN protocols are not known
to be (at least not with standard PC hardware).

The other upside of something like this is that it requires not just the
equipment but also the user to authenticate to the network.  It provides
a level of accountability.  Good logging from your firewall/vpn entry
point and your AP should also provide you with plenty of heads up long
before even the most determined attacker is able to penetrate your
network.

PaulM

-----Original Message-----
From: Ex Fed [mailto:exfed@hotmail.com]
Sent: Tuesday, September 10, 2002 11:25 AM
To: linux-user@egr.msu.edu
Subject: [GLLUG] Wireless Protocols



I have read about some of the wireless protocols, and have heard that
some 
of them are pretty insecure.

Does anybody have any experience with 802.11b, and has it up and
working?

What can be done to try to mitigate risks of someone accessing a LAN
from 
out in a parking lot?


Lee Duynslager


_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

_______________________________________________
linux-user mailing list
linux-user@egr.msu.edu
http://www.egr.msu.edu/mailman/listinfo/linux-user