> From: Craig White
> Date: Tue, 01 Feb 2005 19:21:45 -0700
>
> On Tue, 2005-02-01 at 18:30 -0700, George wrote:
> > Someone posted on this list (I think) a comment that allowed me to infer
> > that WEP in and of itself is not good enough.
> >
> > The options on the router seem to be:
> > disable (default)
> > WEP
> > 802.1x and RADIUS
> > WPA-PSK
> > WPA
> >
> > What other steps might be well advised in order to "lock down" the network?
> >
> > Any comments will be carefully attended to.
> ---
> home or business (wireless AP)?

Home.

> how secure do you want it?

Very secure from someone making changes. Not worried about someone listening.

> ---
> > While I have taken every reasonable precaution to minimize the risk of virus
> > transmission through email, I cannot accept liability for any damage which
> > you sustain as a result of software viruses.
> >
> > It is the responsibility of the recipient to ensure that they have adequate
> > virus protection.
> ---
> is this really necessary?

Probably not.

> From: Craig White
> Date: Tue, 01 Feb 2005 20:06:30 -0700
>
> On Tue, 2005-02-01 at 19:30 -0700, Donn Shumway wrote:
> > George,
> > I have been experimenting with Wifi on Linux for a few weeks and I
> > have to say I have not had much success (with anything faster than
> > 802.11b with WEP). However, regarding security, my typical steps for
> > securing the connection are:
> > 1) Use WPA-PSK minimum for encryption. If you're on Linux, this may
> > not be possible, so use WEP 128-bit.

Didn't see a WEP 128-bit option. I assume this is the same as simple WEP. The Linux box (Samba server) joins next week. Does this mean I should not worry about WPA-PSK? Maybe the Linux box should stay on the switch. I see no reason why this wouldn't work while still allowing WPA-PSK? Any thoughts?

> > 2) Set the router's MAC address filtering to only accept known MAC
> > addresses and deny all others.
> > 3) Do not broadcast your SSID.
> > 4) Change the name of your router. A lot of manufacturers put the
> > router model name in this field, like my Linksys WRT54G. There's no
> > sense telling anyone who does find your network what model you're using.
> >
> > I am not an expert, but this has worked pretty well for all the
> > wireless routers I have set up.
> >
> > Does anyone else have any suggestions?
> ---
> of course but he should declare where and how secure.
>
> WEP isn't very secure
> WPA-PSK is better
> a VPN tunnel is even better but you have to set the wireless AP up so it
> denies traffic access to the LAN otherwise - tough for someone to do.

Interesting thought. Is there a free VPN that likes MS and Linux?

> If you choose Donn's suggestions above - implement one step at a time
> and make sure your wireless can get there so you aren't chasing all
> possible problems at once...

Good point. Very good point!

> i.e.
> start with open - no encryption - and connect

Got that.

> stop ssid broadcast and then connect
> start MAC address filtering and connect
> add WEP encryption keys and connect
> add WPA-PSK encryption keys and connect (WPA not supported on 802.11b -
> need 802.11g)

I need to figure each of these out. Might be back with more questions.

> only at last point can you feel as though you have some semblance of
> security (wonder how long it will take to break WPA-PSK?) Breaking WEP
> keys is reportedly a few minutes.
>
> If this is a business - I figure the only safe thing to do is to put
> wireless access on outside of LAN firewall so they can access internet
> and only access LAN via VPN connection.

Good point. FWIW, I am using static IP only. Small network. Each Win box has a Norton Firewall which only accepts certain IP addresses in. I haven't found the Win equivalent of host deny all except for host allow.
8-(

Craig, thanks
Don, thanks

George

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss