List:       leaf-devel
Subject:    Re: [leaf-devel] New use for firewalls?
From:       Morgan Reed <morgan () allweathersports ! com>
Date:       2003-03-26 5:05:38

Rising out from years of lurking...

You all understand that

1.  WEP is essentially what it claims to be; which is Wired Equivalent
Privacy, and can be cracked easily.
(see http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html for a discussion of
why)

2.  Under 802.11b standard (no WEP), it is VERY easy to "read" plaintext
traffic, which means if you don't use ssh or something like it to "tunnel"
communications you are open. Everything can be read, and even if you have
protected passwords, you can probably social engineer a password (folks tend
to use the same password over and over...)

3.  Some folks feel that as long as we use TCP/IP you will never be able to
protect 802.11b because of certain inherent security problems.  Of course
there is the proposed 802.11i which is being written with security in mind.

David's ( or was it Scott's?) suggestion that you ONLY allow wireless
connections via a VPN is a good idea, and very common.  It is also a good
use for a LEAF VPN.  I have not been using this technique b/c I have been
tunneling everything over ssh, but if I were deploying to a corporate
network, it is the most logical solution.

Realize there are some inherent problems with securing it at all, frankly.
If your wireless access point connects to your corporate network, it really
is going to be no different to leaving an open Ethernet jack on the outside
of your building;  with enough time and energy someone will probably get in.

I have made a few "Cantennas" and have gotten some pretty good increases in
dB, but overall, the range on 802.11 without real modification can be a form
of security.  That said, the last time I was in Manhattan I stayed at the
Helmsley Palace.  I put my PowerBook up against my hotel window, turned on
stumbler, and got over 20 Access Points, with about 10 of them fully open!

I have become very sanguine about access.  I use MAC address filtering + ssh
for anything real.  I have my TiVo hooked up through my wireless card so I
hate the performance hit from WEP, and VPNs have a hit as well.

David, which version of the AirPort are you using?

Morgan Reed


