Troggy n00b
Joined: 28 May 2003 Posts: 56
Posted: Tue Aug 26, 2003 2:14 pm Post subject: WLAN Security issues
Hi there !
I plan to buy a Prism2 based WLAN NIC and run it as a WLAN access point using HostAP drivers, but before I do that, I want to make sure I can set up really tight security.
First: I want to keep Internet access open to everyone. I use a hardware router for inet access which also acts as a DHCP server. Gotta work out something to restrict bandwidth for outsiders to prevent DoS attacks.
Second: Access to the network itself should be forbidden unless you enter a password (probably gotta set up a small webserver for that here). Without entering the password (which also should be well-encrypted), a WLAN user should not even see other PCs in the network, but after authorization he should gain access to everything (printers, smb and nfs shares, etc.).
Third: No client should have to install extra software like VPN stuff.
Is there some way to realize this with my FUBAR network knowledge ?
Thanks for any advice
Greetz
Troggy _________________ PIGGIIIIEEEEES !!! I DEMAAND PIIGGGIIIIEEEEES !!!!!!
SPW Guru
Joined: 22 Jul 2003 Posts: 318 Location: Lëtzebuerg
Posted: Tue Aug 26, 2003 8:50 pm
Well. I installed a wireless network at my home. My wireless NIC is also Prism2 based and I must say that I'm quite happy to even get it to work. In my opinion it is really quite hard to secure a network (this is even more true for wireless networks). I found out that securing my wireless network is not worth the pain. You could use some of the security features of your hardware router (which are usually quite easy to configure, but may lead to some problems opening ports that are needed for some services). WEP has the reputation of being a lousy encryption and I think with the current configuration tools under Linux it is quite a pain to set up. WPA is not very intuitive either. Making the settings on a wireless router/access point may be a walk in the park but the tools to set these things up on your NIC are not very mature yet. I think it will take us another 6 months to get better support for wireless NICs and some standardized intuitive tools for configuring and securing. One security feature I do use is to disable ESSID broadcast.
Troggy n00b
Joined: 28 May 2003 Posts: 56
Posted: Tue Aug 26, 2003 10:54 pm
Yeah, I see that it might be better to use an ACL for now. The other stuff might probably include lots of scripting and shaping dynamic firewall rules.
However I'm gonna try to educate myself and then think about it again.
Greetz
Troggy
SPW Guru
Joined: 22 Jul 2003 Posts: 318 Location: Lëtzebuerg
Posted: Wed Aug 27, 2003 7:31 am
Don't get me wrong. I'm not suggesting that you keep your hands off a wireless LAN. After all it's a lot of fun and convenient and you learn some new stuff. But securing it with the current tools is just not child's play. Either you leave it quite insecure or you spend a lot of time getting it secure.