Re: [NTLK] WEP vs Airport

From: Alexander Schreiber (als_at_thangorodrim.de)
Date: Sat Apr 26 2003 - 12:28:37 PDT


On Fri, Apr 25, 2003 at 11:07:41PM -0400, Brian Pearce wrote:
> > OK Color me dumb, but what is a hex key and how do I create one? I
> > have an Orinoco Silver and it works without WEP so I have not bothered.
> > Why should I worry when no one is within hacking distance? But it
> > would be nice to be able to set it up so that I could use WEP where it
> > might be possible to hack into my valuable data.
>
> If you have reason to be truly concerned, you'll be better off
> restricting access to a wireless network by MAC address; it's more
> secure.

Only helps against stupid intruders - MAC addresses can easily be
changed. Wireless networks are - unless properly set up - a serious
security risk if you use them for anything that you don't want to be
public. The included crypto - WEP - can be cracked rather easily as well.
That's why I insisted on securing the wireless network with IPSec on a
former job. We put up a wireless access point, connected it to a Linux
machine acting as gateway. This machine would actually do _no_ routing
and block all traffic between the wireless network and the regular
company network. It would, however, act as an IPSec gateway, accepting
IPSec traffic from the wireless network (only from clients whose keys
were signed with our certificate of course), decrypt the traffic
and then send it to the company network. Similarly, unencrypted traffic
from the company network would be encrypted and sent via IPSec to the
wireless network. So, any attacker can listen in all he wants - all he
sees is properly encrypted IPSec traffic. And he can't access the
internal LAN from the wireless LAN because he doesn't have an IPSec key
signed with our certificate.

Regards,
      Alex.

-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison
-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/
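
The gateway policy described in the message above, sketched as an added example (not part of the original post and not the poster's actual configuration). It assumes a Linux gateway using iptables with kernel IPsec; the function name and the interface names passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a gateway that
# forwards only IPsec-protected traffic between a wireless segment and a LAN.
# Apply with: gateway_ruleset wlan0 eth0 | iptables-restore

gateway_ruleset() {
    wlan_if=$1   # interface facing the access point (assumed name)
    lan_if=$2    # interface facing the company network (assumed name)
    if [ -z "$wlan_if" ] || [ -z "$lan_if" ] || [ "$wlan_if" = "$lan_if" ]; then
        echo "usage: gateway_ruleset WLAN_IF LAN_IF (two distinct interfaces)" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default deny: nothing is accepted or routed unless a rule below allows it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# From the wireless side the gateway itself accepts only IKE key exchange
# (UDP 500) and ESP (IP protocol 50). The certificate check is done by the
# IKE daemon, not by the packet filter.
-A INPUT -i $wlan_if -p udp --dport 500 -j ACCEPT
-A INPUT -i $wlan_if -p esp -j ACCEPT
# Wireless to company network: only packets that arrived through an IPsec SA.
-A FORWARD -i $wlan_if -o $lan_if -m policy --dir in --pol ipsec -j ACCEPT
# Company network to wireless: only packets that will leave encrypted.
-A FORWARD -i $lan_if -o $wlan_if -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}
```

Management access to the gateway itself and the IKE daemon's certificate configuration are left out; a plaintext packet from the wireless side matches no ACCEPT rule and falls through to the DROP policy.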

