-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I feel the same way about this wireless issue. Those that want to get in will eventually get in. Mostly I'm just trying to setup some security as a deterrent against amatures. Some type of encryption will have to be necessary for sensitive data. The WAP and RADIUS information is worth the read, even if I don't use it.
On Friday 20 August 2004 11:25 am, Dave Sorenson wrote: > "That which is locked by man can be unlocked by man" > > No wireless set up is secure. With that out of the way, you can make > yourself a less tempting target by using the strongest WEP available and > rotate the key frequently (still can be cracked given enough time) allow > by hardware MAC address (this can be sniffed and spoofed in no time). > And finally turn off your SSID broadcast (again, this can be discovered > by sniffing enough packets). > > Others on the list will have more advanced set ups to suggest (Radius > authentication, AP outside the DMZ etc..) But these basic steps will > keep most casual wireless snoops out. The folks who want to get in can > and will eventually be able to get around the basic protections.. If > it's critical info/data/service I keep wireless completely out of the loop. > > I've always used "appliance" type devices, but I also haven't had the > business need to be paranoid about setting up a server as an AP. > > Dave S > > Jeremy West wrote: > > Hello friends. > > > > I just moved in from Utah, and I've heard about this awesome LUG here. > > So in the spirit of keeping it awesome. I have a few questions. I ask > > the other one in another thread though. > > > > Situation: I'm installing wireless internet access for a building in the > > NC State campus area. The owners are concerned about security > > (obviously). Now I can do the whole WEP thing, some mac authentication, > > and NAT'ing magic. But... is there a better way? I'll working on a > > limited budget. > > > > Would it be easier to setup the server as a wireless access point, or use > > a blackbox (linksys senario)? > > > > Just some food for thought > > > > Thanks > > > > Jeremy West - -- //--------------------------- "I had a life once... now I have a computer and DSL" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBJtaNgZTWPj0VdaQRAqM7AJ9TRlpxTuxPoQnISN+h2VgDzWxh/gCghNtV 8xmO5lXBBIpa10Te83sjawM= =BIJ0 -----END PGP SIGNATURE----- -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
