George,

My original message included IPSEC.  I guess my biggest concern is: Can
IPSEC from a Windows machine pass through the WAP and end at the Bering
box?  This would require a few things:  The WAP passing IPSEC.  The MS
Box using IPSEC.  Bering able to understand whatever it is that
Microsoft "embraced and extended" when they wrote "their" implementation
of IPSEC.  I was hoping someone had done this and would point out all
the potholes in the road.

I read in detail about the WEP flaws.  15 min. to break RC4 encryption
because their implementation is so flawed, and no infrastructure to
change keys when they have been compromised.  That's why IPSEC is so
important.

Sean

On Thu, 2003-12-18 at 12:19, George Metz wrote:
> The problem with this approach is that WEP, the security protocol that 
> most Wireless points use, is fairly weak and relatively easily broken. 
> If you want to ensure that only authorized users can get in, you kind of 
> want to use both WEP (Wired Equivalent Protocol, even though it's not... 
> :) ) and something like IPSec for authenticated access to the WAN. 
> Otherwise, someone who really wants to can eventually sniff and break 
> the encryption, and use your pipe for anything they want.
> 
> As a note, if the intended home environment happens to have metal siding 
> of any type, this can REALLY kill your ability to use WiFi out in your 
> yard. On the other hand, it makes it really difficult for someone to 
> pick up your WiFi signal from across the street, as well. Old wiring and 
> proximity to a microwave transmission tower can also have all sorts of 
> interesting effects.
> 
> Remember, if you want to get it set up quick and dirty, set up the DMZ, 
> don't worry about the IPSec for now and just go with the built-in 
> encryption, and just get her online with a strong caution that anyone 
> can drive down the street with a laptop and pick up anything she sends 
> across it, so don't send credit cards or other financial data over the 
> line. Then, when you've got time, go back and research, then implement 
> the IPSec tunnel. WEP should be enough to fend off the simply curious 
> for the time being, though turning off the WAP when she's not going to 
> be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
> 
> George
> 
> [EMAIL PROTECTED] wrote:
> > I have done something similar but not using a DMZ.   I simply added a second
> > Private network for the WiFi network using a normal NIC and a Separate
> > Wireless Access Point.   Simply don't add any rules that will allow the two
> > networks to interact into your shorewall rules and you have 2 independent,
> > isolated internal networks both of which have internet access through your
> > firewall.   The WiFi equipment we used had the capability to encrypt its
> > own communications which we implemented to ensure that other laptops could
> > not be connected to the wireless network and use our satellite connection
> > without permission.   All of our gear was from Alloy.
> > 
> > Andrew Gray
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
> > Sent: Tuesday, 16 Dec 2003 06:19
> > To: [EMAIL PROTECTED]
> > Cc: Leaf User List
> > Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
> > 
> > 
> > Julian,
> > 
> > On Mon, 2003-12-15 at 11:32, Julian Church wrote:
> > 
> >>Hi Sean
> >>
> >>On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel <[EMAIL PROTECTED]>
> >>wrote:
> >>
> >>
> >>>Here is what I am proposing to do:
> >>>
> >>>Cable Modem -> Bering --> (Private Network) Current PC (Windows XP)
> >>>           |
> >>>           ---> DMZ --> WAP --> Laptop (Windows XP)
> >>>
> >>>The question is, of course, how to secure the WIFI and Laptop.  I was
> >>>hoping that the Laptop could establish an IPSEC connection through the
> >>>WAP to Bering.
> >>
> >>Strange!
> >>
> >>That's exactly what I'm planning at home, except there are two laptops,
> >>both running Mac OS X (which has an IPSEC client built in).
> >>
> >>As far as I've determined by searching the internet, as long as your
> >>access point is set up as a transparent bridge, the IPSEC traffic will
> >>pass straight through.
> >>
> >>cheers
> >>
> >>Julian
> >>
> >>
> > 
> > 
> > Since this needs to be up-and-running quickly, and I'm doing it in my
> > spare time, I wanted to go the path of least resistance.  How soon till
> > you implement?  I was hoping to learn from someone else's mistakes ;-).
> > Don't want to be the trailblazer on this one.  It just sounds too easy.
> > Anyone actually done it?  Even with 802.11a/b/g?
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.net email is sponsored by: IBM Linux Tutorials.
> > Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> > Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > ------------------------------------------------------------------------
> > leaf-user mailing list: [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


