On 5 Jun 2006, at 23:05, Spruell, Darren-Perot wrote: > Recent FreeBSD has WPA(2?) support or you could pick up a $50 WAP > to provide > it too. Don't know if there's anything with good security and good > ease-of-client-setup outside of that...
It's always the trade-off between ease of use and security. More of one usually means less of another, and vice versa. It looks like FreeBSD sort of do WPA with wpa_supplicant, and combine that with hostap, it could do. One way or another, the system requires some wireless kit, so it's a case of spend ages hunting for a PCI card that works with OpenBSD or FreeBSD, or just spend #10 more and get an AP that does it all anyway. On 5 Jun 2006, at 23:40, Stuart Henderson wrote: > Although a VPN is a possibility, I'm thinking more along the lines of > a wireless hotspot than an extended network. > > Turn off encryption unless you want to give a false impression > of security. WPA is still subject to ARP poisoning attacks from > users on the network. If somebody is determined to get in, they will. If they want to cock about with the network too, there's little I can actually do to stop that. I just want to make some sort of effort. I think the way forward is to go with the strongest encryption that just a password can give, and tell users to make use of some stronger means of security, along with some basic information. Not too much though, don't want to scare them off... > Walk around the average town for half an hour with a z/laptop > running kismet and see just how many people worked out how to set > up encryption on their own networks... Surely this works in my favour? Because there's such a plethora of easy targets, any target putting up a better than average defence (but by no means uncrackable), they'll go for the softer target. I would. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
