"That which is locked by man can be unlocked by man"
No wireless set up is secure. With that out of the way, you can make yourself a less tempting target by using the strongest WEP available and rotate the key frequently (still can be cracked given enough time) allow by hardware MAC address (this can be sniffed and spoofed in no time). And finally turn off your SSID broadcast (again, this can be discovered by sniffing enough packets).
Others on the list will have more advanced set ups to suggest (Radius authentication, AP outside the DMZ etc..) But these basic steps will keep most casual wireless snoops out. The folks who want to get in can and will eventually be able to get around the basic protections.. If it's critical info/data/service I keep wireless completely out of the loop.
I've always used "appliance" type devices, but I also haven't had the business need to be paranoid about setting up a server as an AP.
Dave S
Jeremy West wrote:
Hello friends.
I just moved in from Utah, and I've heard about this awesome LUG here. So in the spirit of keeping it awesome. I have a few questions. I ask the other one in another thread though.
Situation: I'm installing wireless internet access for a building in the NC State campus area. The owners are concerned about security (obviously). Now I can do the whole WEP thing, some mac authentication, and NAT'ing magic. But... is there a better way? I'll working on a limited budget.
Would it be easier to setup the server as a wireless access point, or use a blackbox (linksys senario)?
Just some food for thought
Thanks
Jeremy West
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
