[Ma-linux] WEP, WPA, etc
David A. Hammond
hammonds at erols.com
Mon Jun 25 19:34:36 EDT 2007
When I first saw Serge's response, my immediate thought was that
I use the same philosophy (i.e. don't count on the wi-fi
security to keep you secure; instead, admit the likely poor
security of the wi-fi link and only run encrypted traffic on it.).
I still think the philosophy is roughly the same, even though he
backed off and said he thought you were securing a business network.
Here's what I do:
The only computers on my home network that use wi-fi are laptops.
They don't share any resources out to the rest of the network.
When they need access to resources (mainly files) on the network,
they ssh into an appropriate machine and run on that machine. That
way all traffic to and from the laptop is secured by ssh (ssl I guess).
The rest of the machines on my network all communicate through
wired ethernet. All the files in /home reside on a single file
server and are then NFS-exported to the rest of the wired network
(but not across wi-fi). If I had more machines accessing through
wi-fi I would probably stop using NFS and start using sshfs instead.
Of course, this scheme does nothing to prevent someone from cracking
WEP and getting on my network to access the internet, for example.
I am still on dialup, so I consider that a minimal threat.
I would be interested in others' thoughts on this approach.
Theodore Ruegsegger wrote:
> I'm starting to replace some of our old wireless hardware and
> wondering what features I should favor. In particular, I understand
> the WEP encryption that "came with" what I have is now readily
> crackable, so I should be using something better.
> Are things like WPA, WPA2, etc built into the hardware or are they
> something the software driver does? That is, could I be using these
> better protocols even with an older wireless NIC?
> The FAQs I've been able to find go into great detail but assume I
> already know the answer to this question.
> What recommendations do you folks have for hardware or software? My
> * Security support
> * Free Software drivers compatible with GNU/Linux
> * Range and reliability
> Ma-linux mailing list
> Ma-linux at calypso.tux.org
More information about the Ma-linux