On Wed, Nov 24, 2010 at 09:28:49AM -0800, Bill Barry wrote: > I prefer low/none, so others can use my wireless if they need it. Then you > put firewalls on each internal computer to stop access from the wireless.
+1 However, besides all those good steps, I put the wireless on its own DMZ network and address space, then use ssh tunnel from the laptops. A 3-ethernet-port ALIX configured as a firewall makes this easy. That way I can shape and filter traffic if needs be, and someday I will add a no-cat splash page to the wireless, letting people know for sure that service is free but that they should behave decently. I encrypt most traffic on my wired ethernet, not just over the wireless. It would not be difficult to get in and add a snooping device someplace that I do not inspect daily. The ALIX has a built-in crypto engine, so I will configure that someday, too. Keith -- Keith Lofstrom [email protected] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
