Hello, 802.11b networks have various security vulnerabilities because of some of the flaws in the standards. Aside from what was discusses below, I would like to add a vulnerability in RC4 which is the encryption method used by WEP that can be broken easily by the "Airsnort Attack".
Below is a link to a white paper on wireless security for further reading: http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm At 10:13 AM 3/6/02 -0600, you wrote: >Sinabi ni Jeff Gutierrez noong Tue, Mar 05, 2002 at 06:03:46PM -0500 GMT: > > Due to a recent development in my domicle, my wife, and I are in need > of a wireless network. I'm currently planning on how to incorporate WiFi > into my already existing home network. I just have a few questions, and > I hope people who've done this before could help me iron out a few issues. > > > > My home network which has a few laptops, and a few desktops is > gatewayed by a Pentium/Linux box running the usually services like dhcp, > caching dns, NAT, firewall, etc. > > > >About two months ago I bought an SMC Barricade 7004 AWBR and an SMC >Wirless PCMCIA Card from CompUSA (they had a special/rebate, cost was >~$150 for both). The AWBR is a wireless access point and a router that >can handle 10/100 for wired and is 802.11a compliant. > >I used to have an old IBM Thinkpad as my firewall/router; I have since >replaced that w/ the AWBR. So far so good. Configuration of the AWBR can >be done w/ a browser (cannot use lynx or links) and is relatively easy. >You can check out the manual/specs from the SMC website. While the AWBR >does have a logging facility, it does not support syslog. > >The PCMCIA card works with my wife's Vaio running Windows 98. >Unfortunately, I have not had a chance to try it out on my Linux laptop >yet. However some web sites have reported easy success in configuring >this for Linux. SMC while it does not officially support linux does >provide linux drivers. > >I am still undecided whether this will be my final configuration due to >security concerns, i.e. drive-by sniffing, neighbor sniffing, etc. Most >probably I will: > 1. Go back to using linux as a firewall. > 2. Treat the wireless subnet as an "untrusted segment" > 3. Only allow the wireless subnet to do external http/https > 4. Tunnel smtp/pop over ssh to the firewall and my pop/postfix server > 5. Figure out how to let the wireless segment access my mp3's on > my mp3/samba server. > 6. Find a way to prevent neighbors/drive-by spammers from > "piggybacking" onto my wirelss net (or at least make it difficult) > >HTH. If you have questions, we can take this off-list if you want. > >Cheers, > >G-3 > >_ >Philippine Linux Users Group. Web site and archives at >http://plug.linux.org.ph >To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > >To subscribe to the Linux Newbies' List: send "subscribe" in the body to >[EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
