[ale] wireless sanity/security check
Horwitz International, LLC.
info at horwitzinternational.com
Mon Jan 4 08:41:51 EST 2010
If you want security / protection for your data on your wired network,
consider using a network device that segregates the wired from the wireless
and forces cross connectivity through a client based VPN connection.
Have a look at :
http://www.sofaware.com/overview.aspx?boneId=145&objId=101&nsId=140
With these appliances, the wired & wireless networks are on different
subnets and separated but a fairly decent firewall.
I use NO security or encryption on my wireless side - sometimes, the best
place to hide, is out in the open :)
Have a good week all.
Roland
Btw - if anyone wants these appliances, I'd be glad to help you get one at
my cost from IngramMicro (Only to ale members but not to businesses).
-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Michael
Trausch
Sent: Sunday, January 03, 2010 9:45 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] wireless sanity/security check
If you want a safe wireless network, ensure that the access point
requires a VPN to be signed into before a route to the Internet (or
the LAN) can be had. Otherwise, your wireless network is, no matter
what, less secure than the wired network in your home (unless you have
Ethernet jacks on your home network that are outside your home...
though even then, it's more secure, because you have to have extreme
physical proximity).
WEP, WPA, etc., are really not any security at all. If you're looking
to put the equivalent of a small fence up to keep the honest people
out, it will pretty much do just that, and nothing more. So, I'd say
that whatever you advise really probably doesn't matter: if people
wanted reliably secure network setups, they'd defer the security to a
VPN such that you are using (at least) SSL to encrypt your connections
and enforce some real access control. That may be overkill for most
people's networks, of course... though I would tend to not agree. I'd
just as soon get rid of wireless in my home altogether. When we get
into a house, I have *every* intention of making it actually secure,
myself.
(Though, my wives might not like that idea...)
-- Mike
On Sun, Jan 3, 2010 at 9:17 PM, Matt Rideout <mrideout at windserve.com> wrote:
> IMO, if the data on your network is important enough to need more than
> WPA, it's important enough to need more than MAC address filtering as
> well. I'd be willing to bet that most people who would be able to defeat
> WPA wouldn't be stopped by the MAC filter.
>
> On 1/3/10 8:14 PM, Mark Wright wrote:
>> I am using a MAC address access list in my router to secure my home
>> network. I know that you can sniff then spoof a MAC address but is
>> seems a little overkill to worry about that out here in suburbia.
>> Especially given no teenagers living within several blocks.
>>
>> I have advised two friends to do the same as their WPA setups quit
>> working or have been uncooperative to additions.
>>
>> Do any of you security experts consider this particularly bad advise
>> to give out? Should I help them get WPA working? After having played
>> with some of the tools for sniffing and cracking strong passwords I am
>> wondering if it is worth the extra effort.
>>
>>
>>
>> Mark Wright
>> m.perry.wright at gmail.com <mailto:m.perry.wright at gmail.com>
>>
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list