[Wolves] secure wireless network

Simon Morris mozrat at gmail.com
Mon Oct 17 17:38:46 BST 2005


On 16/10/05, Mo Awkati <mawkati at yahoo.co.uk> wrote:
> Ok folk, I have acquired an IBM ThinkPad, it's only a
> small thing nothing grand about it, but it does what I
> want without losing sleep over it.
>
> How do I secure my wireless connection with Linux?

As others have said this is a contentious subject. WEP is an option
but is nowhere near secure enough to protect critical business data.
For a home network I would recommend the highest level of WEP and
change the keys regularly (read: at least monthly). This still isn't
secure but it will defend against casual wireless snoopers or people
who aren't all that determined to get to your data.

For business wireless networks you should be looking at 802.1x
authentication using EAP (Extensible Authentication Protocol).

I've done a lot of this for work (for companies that are working
towards security procedure compliance for the Sarbanes-Oxley Act etc.)
and only protocols such as PEAP and LEAP are considered to be secure.

This relies on factors such as per-user authentication (basically not
sharing a common WEP key between all users and tying down individual
wireless sessions to a user - use LDAP authentication, which means AD in
many cases)... connection profiles (only allowing access during
certain times of day, only certain layer 3 and 4 protocols etc.) and
logging to centralised locations using RADIUS.

The actual encryption is still done using WEP but the WEP key changes
every 5 minutes or 10,000kb or something like this. If it takes more
than 5 minutes to crack 128-bit WEP and you are changing your keys this
often you are fairly certain your data is safe.

Not many sites I've been to use MAC filtering but it is another good
layer to stop casual intruders. However, a network sniffer and the
ability to set your MAC address in software make this just a simple
barrier to an intruder.

Again for a home network I would configure WEP and try and place a
firewall (IPCop for example) to only allow internet access and not
access to the rest of your home network.

Cheers!

~sm

--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
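
Added example, not part of the original post: one way to express the "internet access only, no access to the rest of the home network" firewall policy suggested above on a plain Linux box with three interfaces. The function name, the interface names and the assumption that the firewall itself serves DNS and DHCP to wireless clients are illustrative, not from the post.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-interface
# firewall. Wireless clients reach the internet, never the wired home network.

# valid_if NAME: succeed if NAME is a plausible Linux interface name
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# wifi_isolation_rules WLAN_IF LAN_IF WAN_IF: write the ruleset to stdout
wifi_isolation_rules() {
    wlan=$1; lan=$2; wan=$3
    for i in "$wlan" "$lan" "$wan"; do
        valid_if "$i" || { echo "bad interface name: '$i'" >&2; return 2; }
    done
    if [ "$wlan" = "$lan" ] || [ "$wlan" = "$wan" ] || [ "$lan" = "$wan" ]; then
        echo "the three interfaces must be different" >&2; return 2
    fi
    cat <<EOF
*nat
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Wireless clients may ask the firewall for DNS and DHCP only (assumed services)
-A INPUT -i $wlan -p udp -m multiport --dports 53,67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# Wireless to wired LAN: log the attempt, then drop it
-A FORWARD -i $wlan -o $lan -j LOG --log-prefix "wlan-to-lan: "
-A FORWARD -i $wlan -o $lan -j DROP
-A FORWARD -i $wlan -o $wan -j ACCEPT
COMMIT
EOF
}

# Print the rules for review when called with three interface names
if [ "$#" -eq 3 ]; then wifi_isolation_rules "$@"; fi
```

The output can be checked with `iptables-restore --test` before it is loaded; the logged `wlan-to-lan:` entries show which wireless clients tried to reach the wired side.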


