Charles:

        Heya. Don't even need a rogue WAP: LinkSys (now Cisco)
has a driverless wired-to-wired bridge, the WET11. Attach that
to any "secure" wired socket and a whole world of problems comes
down.
        Partly, this has been a motivational driver behind the
Kaboodle project which consumes most of my cycles (www.Kaboodle.org).
It manages a visual "LAN population" GUI, updated automatically,
so you can see everything that's on the network at all times.
As soon as something joins, Kaboodle will sniff its ARP "who
has" requests, and present it in the GUI. It's not perfect (e.g.,
it uses MAC address for long-term identifiers) but I've caught my
neighbors using my WLAN more than once. :)

-Scott


On Tue, 25 Mar 2003, Charles Steinkuehler wrote:

> David Douthitt wrote:
> > I've been working with this new Airport (Apple's 802.11b wireless) and
> > finding out just how insecure America's wireless networks are.
> >
> > Seems like a good purpose for a 486 or Pentium with two network cards
> > would be to act as a firewall and proxy between wireless clients and
> > the rest of the network.  Each base station or access point could then
> > be isolated from the rest of the network, and only authorized clients
> > could be allowed in.
> >
> > Authorization could be done over SSL, and all access could be
> > controlled via web proxy and ftp proxy.  SSH could be used for terminal
> > access (through the firewall).
> >
> > Are people using these "wireless" solutions that way?  Is there one out
> > there already?
>
> Lots of folks are doing this with their wireless networks, and using
> linux based boxes to provide the firewalling.  Off the top of my head,
> check out the NoCatNet folks (mainly geared towards publicly available
> wireless lans, but requiring login/auth before use):
>
> http://nocat.net/
>
> There are, however, major problems with *ANY* access-point firewall type
> solution.  While your "wired" networks are protected from rogue wireless
> clients, what protects valid wireless devices from attack or sniffing by
> other wireless clients?  Going a step further, given the ease of
> installing a $50 WAP, exactly how secure are your internal networks that
> rely on a "physical access" security model?  Are you sure some bozo in
> sales didn't install a WAP just so he could browse the 'net from his
> laptop while on a smoke break?  If he did, how would you know, and how
> could you protect your network from this in advance?
>
> I think we're heading to a point where *ALL* communication across a
> network, whether internal or external, wired or wireless, will need to
> be encrypted, and/or authenticated for any reasonable expectation of
> security.
>
> --
> Charles Steinkuehler
> [EMAIL PROTECTED]
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by:
> The Definitive IT and Networking Event. Be There!
> NetWorld+Interop Las Vegas 2003 -- Register today!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
>
> _______________________________________________
> leaf-devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-devel
>
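The ARP-based discovery described in the reply above, as an added example that is not part of the original thread and is not Kaboodle's code: it parses raw Ethernet frames for ARP "who has" requests, keeps an inventory keyed by MAC, and reports devices it has not seen before. The class and function names, the event labels, the check for one IP appearing behind a second MAC, and all addresses are assumptions constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_who_has(frame):
    """Return (sender_mac, sender_ip, target_ip) for an ARP request, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:   # EtherType ARP
        return None
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, oper=1 (request)
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    return _mac(frame[22:28]), _ip(frame[28:32]), _ip(frame[38:42])

class LanPopulation:
    """Inventory keyed by MAC, which a host can change, so IP reuse is flagged too."""
    def __init__(self, known_macs=()):
        self.hosts = {m: set() for m in known_macs}   # MAC -> IPs seen

    def observe(self, frame):
        parsed = parse_who_has(frame)
        if parsed is None:
            return []
        mac, ip, _target = parsed
        events = []
        if mac not in self.hosts:
            self.hosts[mac] = set()
            events.append(("new-device", mac, ip))
        if ip != "0.0.0.0":                  # ARP probes carry no sender IP
            if any(ip in ips for m, ips in self.hosts.items() if m != mac):
                events.append(("ip-seen-from-second-mac", mac, ip))
            self.hosts[mac].add(ip)
        return events

def build_who_has(mac, sender_ip, target_ip):
    """Build a constructed broadcast ARP request for the demo below."""
    sha = bytes.fromhex(mac.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
            + sha + ip(sender_ip) + b"\x00" * 6 + ip(target_ip))

if __name__ == "__main__":
    lan = LanPopulation(known_macs=["02:00:00:00:00:01"])   # constructed values
    for f in (build_who_has("02:00:00:00:00:01", "192.168.1.10", "192.168.1.1"),
              build_who_has("02:00:00:00:00:99", "192.168.1.77", "192.168.1.1"),
              build_who_has("02:00:00:00:00:99", "192.168.1.10", "192.168.1.1")):
        print(lan.observe(f))
```

The frames here are built in memory; on a live segment the same `observe` call would be fed frames from a capture source of your choice.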


