Re: Current state of security features


From: Saliya Wimalaratne (saliya_at_hinet.net.au)
Date: 2002-03-07 00:47:04 UTC



On Wed, 6 Mar 2002, David wrote:

> Hi all,
>
> I'm new to this list, but have been reading the archives with interest
> since installing the Prism2 HostAP driver a couple of weeks ago.
>
> The trouble is, at present the network is open to anyone in the office
> or the car park. I'm looking for a way to restrict access (I don't
> need military strength security, but it shouldn't be left wide open as
> at present) and have been looking at 3 options:

Because of the inherent weaknesses in WEP and MAC-based authentication, probably the best thing you can do (on your Linux box) is set up a VPN server (i.e. FreeS/WAN for Linux clients and MS-PPTP for Windows clients) and only permit access to the 'outside' via the VPN.

If you enforce high-strength crypto for the VPN, people *may* still be able to associate with your AP but they will not be able to get at other people's traffic nor get to the 'outside'.

One feature I have seen on Cisco Aironet APs is the ability to deny inter-client forwarding (i.e. all traffic must go out the Ethernet port) - can this be done on the AP software for Linux?

Regards,

Saliya
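
The VPN-only gateway described in the message above, as an added example that is not part of the original post: a shell function that prints iptables rules letting wireless clients reach only the IPsec (IKE/ESP) and PPTP (TCP 1723/GRE) endpoints on the Linux box, and forwarding only decrypted tunnel traffic to the wired side. The interface names (`wlan0`, `eth0`), the FreeS/WAN KLIPS `ipsecN` devices and the `pppN` devices for PPTP sessions are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Prints iptables commands for a
# Linux HostAP gateway so wireless clients reach the wired side only via VPN.
# Assumptions: FreeS/WAN KLIPS exposes decrypted traffic on ipsecN, PPTP
# sessions appear as pppN, and the interface names below are placeholders.
# Review the output, then apply with: vpn_only_rules wlan0 eth0 | sh
vpn_only_rules() {
    wlan="${1:-wlan0}"   # assumed wireless (HostAP) interface
    wired="${2:-eth0}"   # assumed wired / 'outside' interface
    # Output is meant to be piped to sh, so refuse odd interface names.
    for ifname in "$wlan" "$wired"; do
        case "$ifname" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# Wireless side may reach only the VPN daemons on this box:
# IKE (udp/500), ESP (proto 50), PPTP control (tcp/1723), GRE (proto 47).
# If clients lease addresses from this box, add a DHCP rule before the DROP.
iptables -A INPUT -i $wlan -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wlan -p 50 -j ACCEPT
iptables -A INPUT -i $wlan -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $wlan -p 47 -j ACCEPT
iptables -A INPUT -i $wlan -j DROP
# Nothing is routed straight between the wireless and any other interface.
iptables -A FORWARD -i $wlan -j DROP
iptables -A FORWARD -o $wlan -j DROP
# Only decrypted tunnel traffic may pass to the wired side, plus its replies.
iptables -A FORWARD -i ipsec+ -o $wired -j ACCEPT
iptables -A FORWARD -i ppp+ -o $wired -j ACCEPT
iptables -A FORWARD -i $wired -o ipsec+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wired -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```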


