David Douthitt wrote:
I've been working with this new Airport (Apple's 802.11b wireless) and finding out just how insecure America's wireless networks are.

Seems like a good purpose for a 486 or Pentium with two network cards would be to act as a firewall and proxy between wireless clients and the rest of the network. Each base station or access point could then be isolated from the rest of the network, and only authorized clients could be allowed in.

Authorization could be done over SSL, and all access could be controlled via web proxy and ftp proxy. SSH could be used for terminal access (through the firewall).

Are people using these "wireless" solutions that way? Is there one out there already?

Lots of folks are doing this with their wireless networks, and using linux based boxes to provide the firewalling. Off the top of my head, check out the NoCatNet folks (mainly geared towards publicly available wireless lans, but requiring login/auth before use):


http://nocat.net/

There are, however, major problems with *ANY* access-point firewall type solution. While your "wired" networks are protected from rogue wireless clients, what protects valid wireless devices from attack or sniffing by other wireless clients? Going a step further, given the ease of installing a $50 WAP, exactly how secure are your internal networks that rely on a "physical access" security model? Are you sure some bozo in sales didn't install a WAP just so he could browse the 'net from his laptop while on a smoke break? If he did, how would you know, and how could you protect your network from this in advance?

I think we're heading to a point where *ALL* communication across a network, whether internal or external, wired or wireless, will need to be encrypted, and/or authenticated for any reasonable expectation of security.

--
Charles Steinkuehler
[EMAIL PROTECTED]




------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en

_______________________________________________
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to