[Techtalk] 802.11b

coldfire rolick571 at duq.edu
Fri Jul 26 12:35:58 EST 2002


> 	You will need a wireless access point. There are several good brands of
> these, in my company we usually use Netgear because they are less
> expensive than 3COM or IBM and of very good quality.
> (http://www.netgear.com and no, I don't own their stock or get kick
> backs ;) )

so far, the cisco APs are my fav, but quite expensive.  i've been
satisfied with my linksys wap11 v2.2 so far, but i've heard just as many
horror stories as success stories.

> > 3.	I get the impression adding the 802 card to this server is 
> > like by-passing my firewall. 
> 	Only if you don't use encryption. Another reason I like Netgear is that
> setting up encryption and security on your wireless network is insanely
> easy. There is a Webmin type interface where you type in the key word
> you want to use for your firewall (which you will also need to input in
> your preferences on the computers connecting to the wireless network),
> and also a place where you can type in the MAC addresses of each of the
> cards that are ALLOWED to connect to your server. Very easy to do, and
> quite secure unless someone is actually bound and determined to hack
> into your system. (Most people are just looking for a free ride on the
> Internet, and when they can't get that from your airwaves, they'll move
> on to easier pastures.)

i could go on for days about wireless security :)  wep encryption is
very flawed.  it could drive off any potential eavesdroppers just as
quickly as it can grab their attention.  some people just set out to find
networks with wep and crack the keys.  personally, i would test the
throughput with wep disabled, then with wep enabled.  if there is no
significant speed decrease, why not use it?

as for means of authentication, mac address authentication is incredibly
weak.  sniffing the airwaves for mac addresses and then spoofing them is
easier than cracking wep.

on my wireless network, i implement ipsec and ssh tunnels to make sure all
airwaves are safe.  as far as bypassing the firewall, you could go several
routes.  the first being, using wep and forcing some kind of
authentication (which in my eyes is less safe).  a potentially better way
would be to set up your wireless lan as a dmz (demilitarized zone) and have
some router bridge the two networks .. and thus, you could have a firewall
between the two.


coldie
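
The DMZ layout described in the message above, sketched as an added example (not part of the original post): a shell function that emits an iptables-restore ruleset for a Linux router sitting between the wireless segment and the wired LAN. It assumes the router itself terminates the IPsec and SSH tunnels; the interface names wlan0/eth0 are assumed defaults.

```shell
#!/bin/sh
# Added example: firewall between an untrusted wireless segment and the LAN.
# Only tunnel endpoints (IKE, ESP, SSH) are reachable from the wireless side;
# forwarding into the LAN is allowed only for packets that arrived via IPsec.
# Usage (as root): wlan_dmz_rules wlan0 eth0 | iptables-restore --test

wlan_dmz_rules() {
    wlan_if="${1:-wlan0}"   # interface facing the access point (assumed name)
    lan_if="${2:-eth0}"     # interface facing the wired LAN (assumed name)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${lan_if} -j ACCEPT
-A INPUT -i ${wlan_if} -p udp --dport 500 -j ACCEPT
-A INPUT -i ${wlan_if} -p esp -j ACCEPT
-A INPUT -i ${wlan_if} -p tcp --dport 22 -j ACCEPT
-A INPUT -i ${wlan_if} -j LOG --log-prefix "wlan-in-drop: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wlan_if} -j ACCEPT
-A FORWARD -i ${wlan_if} -o ${lan_if} -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i ${wlan_if} -j LOG --log-prefix "wlan-fwd-drop: "
COMMIT
EOF
}
```

With this policy a client that only knows the WEP key or has a permitted MAC address still cannot reach the wired LAN; SSH tunnel traffic leaves the router through OUTPUT, so it needs no FORWARD rule.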



