Hosting Provided By

RE: wifi security

From: Jason Armstrong <jarmstrong(at)technicacorp.com>
Date: Thu Aug 14 2003 - 14:19:06 EDT

Personally, here's how I would secure a Wireless Access Point (and the network behind it for that matter.)

                           \./
        \./                 |      Public
Private
         |                  |       Side
Side
         |             _____|____             _________________________
_________           
    _____|_____        |        |             |                       |

|

    |         |        | Access |             |         VPN           |

|

    |Remote   |        |  Point |             |      Appliance        |


|_____   LAN


    | Laptop  |        |        |_____________|(e.g. Nortel
Contivity)|_________________|
    |_________|        |________|.1         .2|_______________________|.1

|

   /         /


|________


  /_________/                   192.168.10.0/24

192.168.20.0/24 |

|_______

The Nortel Contivity is a VPN firewall solution. I'm using it as an example because they are relatively cheap (See eBay) and I often work with them. They support RADIUS authentication and Triple DES encryption. The Nortel Contivity client is available for FREE. It is easy to install. You connect to the access point, run the client, the Contivity authenticates you and you have access to the LAN for fileserver access, Internet access, etc. Simple and secure.

Good luck,
Jason

-----Original Message-----
From: K sPecial [mailto:xzziroz@linuxmail.org] Sent: Thursday, August 14, 2003 7:35 AM
To: Simon; lists@kentane.net; security-basics@lists.securityfocus.com Subject: RE: wifi security

Is it just me or do some people ask the same question, over, over and over. Now let me tell you I'm 16, i'm a networker, I program c, I program perl, and I even darn live on my own and pay my own bills. You older networking people (my future) can realy give me one heck of a grin. But I guess that's why I read bugtrack, incidents and secureshell all day :) As for WiFi security I have seen a few emails pass already on the subject of DHCP pooling amungst you'r host's depending on FTP/POP passwords, this is one option. You also have the ability to filter mac address's in your networking down to a fine point of only... go figure your hosts! :) Ok, last but not least I want to say ipsec would be a great option but can't guarentee it since I have never, personaly had the satisfaction of using this. Reguards, --K-sPecial

Do you need help?

Sorry if I seem to come off as a cocky teen but shit i'm serious here.

Original Message ----- From: "Simon" <simon@snosoft.com> Date: Wed, 13 Aug 2003 15:08:25 -0400 To: <lists@kentane.net>, <security-basics@lists.securityfocus.com> Subject: RE: wifi security

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> JC, 
> 	The first question that I have to ask you is what are your security 
> requirements?  Whats the nature of the information on the target 
> network? There are many ways to secure wireless networks, but there is 
> a point where they are just not suggested.
> 
> 
> 
> - -----Original Message-----
> From: lists@kentane.net [mailto:lists@kentane.net]
> Sent: Wednesday, August 13, 2003 3:21 AM
> To: security-basics@lists.securityfocus.com
> Subject: wifi security
> 
> 
> Greetings list,
> 
> I am looking for some information on WiFi security. Specifically how 
> to secure wifi hotspot types of enviromments. How to authenticate 
> users etc.
> 
> Regards
> JC
> 
> 
> - 
> ----------------------------------------------------------------------
> - -----
> - ----------------------------------------------------------------------
> - ------
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <
http://www.pgp.com>
> 
> iQA/AwUBPzqMqbR5YB3MHZrzEQJzNACffSNzDxKp0BujT52mcb2ubIykOhsAoIgk
> oW7dfkmgEvfkFYUoF/lnnhyc
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
> =Lghd
> -----END PGP SIGNATURE-----
> 
> 
> ----------------------------------------------------------------------
> -----
>
----------------------------------------------------------------------------

-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Received on Fri Aug 15 16:42:16 2003

This message: [ Message body ]
Next message: K sPecial: "Re: Network scanning"
Previous message: Bill Hardstone: "RE: Distinctions in Certification"
Maybe in reply to: lists(at)kentane.net: "wifi security"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:20 EDT