[ale] wireless security

James P. Kinney III jkinney at localnetsolutions.com
Fri Apr 6 21:02:33 EDT 2007


On Fri, 2007-04-06 at 18:35 -0400, Warren Myers wrote:
> but if the vpn is going over the open wap... it still doesn't handle
> securing the machines on the wap.. only the data transferred across
> the connection after the connection is made
> 
> vpn on top of wpa2/radius is a good solution, though 

The vpn serves as both the data encryption process and, if using x509
certificates, also serves as user identification for network access
(although that is very tricky to set up). Basically, the VPN is used to
handle the data security that wireless does not have. If you have a
signed certificate trusted by the vpn head AND you have the password to
unlock your certificate, you are who you claim to be and are allowed to
access the network. Everything else gets routed to /dev/null.

In reality, 99% of all network traffic is web surfing. So who cares
about the security of the data anyway? The other 1% is security
sensitive and must be protected with strong encryption that has passed
the tests of the crypto gurus. Openswan and Strongswan are considered to
be secure vpn tools. 



> 
> WMM
> 
> On 4/6/07, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
>         It's a total waste of time trying to secure wireless connections
>         without the use of VPN software. If the baddies want in, they
>         will get in. Drop a totally open high gain antenna WAP in the
>         network outside the firewall and secure the stuff on the network.
>         If sniffing data is deemed bad, require VPN connections.
>         
>         http://hardware.slashdot.org/article.pl?sid=07/04/03/2116239
>         
>         On Thu, 2007-04-05 at 18:20 -0400, Daniel Howard wrote:
>         > Although the conventional wisdom has been that WiFi security is
>         > laughable, there have been some improvements lately (WPA2/802.11i) and
>         > there are third party solutions that require an additional access server
>         > be added to the network.
>         >
>         > What is the current thinking of this group of the adequateness of the
>         > 802.11i security in off the shelf WiFi APs?
>         >
>         > TIA, Daniel
>         >
>         --
>         James P. Kinney III
>         CEO & Director of Engineering
>         Local Net Solutions,LLC
>         770-493-8244
>         http://www.localnetsolutions.com
>         
>         GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
>         <jkinney at localnetsolutions.com>
>         Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
>         
>         _______________________________________________
>         Ale mailing list
>         Ale at ale.org
>         http://www.ale.org/mailman/listinfo/ale
>         
> 
> 
> 
> -- 
> http://warrenmyers.com
> "God may not play dice with the universe, but something strange is
> going on with the prime numbers." --Paul Erdős
> "It's not possible. We are the type of people who have everything in
> our favor going against us." --Ben Jarhvi, Short Circuit 2 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
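
Added example, not part of the original message: the two conditions described above (a certificate signed by a CA the VPN head trusts, plus the passphrase that unlocks its private key), checked with the openssl CLI against a throwaway CA. All names, passphrases and file names are constructed for illustration; an IPsec daemon performs the equivalent checks itself rather than through a script like this.

```shell
#!/bin/sh
# Constructed demo of the two conditions in the message above. The names
# (Demo VPN CA, alice, mallory) and passphrases are made up for illustration.

# setup_pki DIR: build a throwaway CA plus two client identities in DIR.
setup_pki() {
    dir=$1
    # CA whose certificate the VPN head trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo VPN CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # alice: passphrase-protected key, certificate signed by the CA.
    openssl req -newkey rsa:2048 -passout pass:alice-secret -subj "/CN=alice" \
        -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null
    openssl x509 -req -in "$dir/alice.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/alice.crt" 2>/dev/null
    # mallory: self-signed certificate the CA never issued.
    openssl req -x509 -newkey rsa:2048 -passout pass:mallory-secret -days 30 \
        -subj "/CN=mallory" -keyout "$dir/mallory.key" -out "$dir/mallory.crt" 2>/dev/null
}

# admit DIR USER PASSPHRASE: return 0 only if both conditions hold.
admit() {
    dir=$1 user=$2 pass=$3
    # Condition 1: the certificate chains to the trusted CA.
    # grep for "OK" because some older openssl releases exit 0 on failure.
    openssl verify -CAfile "$dir/ca.crt" "$dir/$user.crt" 2>/dev/null \
        | grep -q ': OK$' || return 1
    # Condition 2: the passphrase unlocks the private key. In a real tunnel
    # this happens on the client, whose IKE daemon needs the key to sign.
    openssl pkey -in "$dir/$user.key" -passin "pass:$pass" -noout \
        >/dev/null 2>&1 || return 1
    # The unlocked key must be the one the certificate was issued for.
    [ "$(openssl x509 -in "$dir/$user.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/$user.key" -passin "pass:$pass" -pubout)" ]
}
```

With a scratch directory, `setup_pki "$d"` followed by `admit "$d" alice alice-secret` succeeds, while a wrong passphrase for alice or mallory's self-signed certificate is refused.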