[TCLUG] Wi-Fi security question

[Andrew J Zimmer]

I have not heard of an access point that has a wireless firewall.  The Linksys WRTG54 runs Linux and has some hacks available so you could get iptables to firewall wireless NIC's.  You could also setup a Linux box with a wireless NIC and firewall that.
 
Most of your newer Access Point support Radius authentication.  If a wireless client does not authenticate to the Access Point, the packets from that client should be dropped.  Of course you would need a Radius server on the network.
 
WPA should be fine for data encryption but IPSec or VPN server would be better.
 
The best thing you can do is to try to limit wireless signal leaking from the house.  No signal, no access.  You can try to do this by putting the Access Point in a location that stifles the wireless signal and/or limiting the signal string by a weak antenna.  I think the D-Link's have the weakest antenna's at 3 or 5 dBi.
 
Firewall the laptop.
 
Andrew

________________________________

From: tclug-list-bounces at mn-linux.org on behalf of The Wandering Dru
Sent: Mon 12/29/2003 1:00 PM
To: TCLUG Mailing List
Subject: [TCLUG] Wi-Fi security question



My mom is looking to go the wireless route in the near future for her
laptop.  I know a lot of you that use wireless put the AP on the DMZ of
your firewall.

My question is this, do you pinhole the firewall to allow certain
services(ie, filesharing, printing, etc.) back into the LAN or do you
just limit the AP to internet access?  Or is there some other fancy way
to allow these services that I'm not aware of?  I'm mostly just looking
for a security/convenience trade-off comparison.

I have nearly no experience with wireless and would like to come up with
a plan/cost before I go buying stuff willy-nilly on my mom's bill.

--
The Wandering Dru <dru at druswanderings.net>
http://druswanderings.net <--- Things 'n' Such

Get nifty TCLUG merchandise at the TCLUG Store!
http://www.cafeshops.com/tclug

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list





-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 5044 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20031230/a9950cb7/attachment.bin
-------------- next part --------------
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list