[Sussex] WAP Security advice...

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Fri Nov 28 08:51:07 UTC 2003 

On Fri, 2003-11-28 at 00:19, Mark Harrison wrote:
> > Unless you want people like Jon and myself taking a look at what's
> > there, yes.
> 
> There will be only three things there:
> - 1: The firewall (which has an internet-facing port in any case)
> - 2: The access points themselves
> - 3: Other users. The only users who will be using this network are users
> already issued with laptops suitable for using on dial-in internet
> connections "out in the field" in any case.

So the firewall looks something like this?

eth0: external/internet

eth1: DMZ/WAP

eth2: Internal LAN (192.168.x.x\24 etc)

In which case, I presume that you have a few DMZ pinholes into the LAN
to allow access to file servers etc?

> How bad is it if people can snoop this?
> 
> I should note that this will be in the centre of the 3rd floor of a large
> building, and unlikely to be within range of anyone outside the building...

In that case (and I'm sure others will correct me if I'm wrong!) I would
say that there's not too much to worry about.  Your best bet IMHO is to
setup one access point in the way you've described, install airsnort
onto a laptop, stand outside the building and start up airsnort.  If it
picks up the network, then see what it says, it should give you channel,
BSSID and if it can, the network id.

Every so often, you'll get people who have modified their wlan cards to
boost the signal, but if they have to go through WEP and a firewall, I'd
say you'll discourage them unless the know what they're after.

If Jon's got anything to add, I'm sure he will, he has real life
experience of setting these things up and *ahem* testing that they work.
:p

Regards,

Matt
--
+----------------------------------+
|Matthew Macdonald-Wallace                  |
|The Truth Will Set you Free              |
|http://www.truthisfreedom.org.uk/  |
+----------------------------------+
"Education is not my top priority --- education is my top priority."
George W. Bush February 27, 2001 From a budget speech in Washington,
D.C.

More information about the Sussex mailing list