Sinabi ni Jeff Gutierrez noong Tue, Mar 26, 2002 at 09:03:00AM -0500 GMT: > #I am still undecided whether this will be my final configuration due to > #security concerns, i.e. drive-by sniffing, neighbor sniffing, etc. Most > #probably I will: > # 1. Go back to using linux as a firewall. > # 2. Treat the wireless subnet as an "untrusted segment" > # 3. Only allow the wireless subnet to do external http/https > # 4. Tunnel smtp/pop over ssh to the firewall and my pop/postfix server > # 5. Figure out how to let the wireless segment access my mp3's on > # my mp3/samba server. > # 6. Find a way to prevent neighbors/drive-by spammers from > # "piggybacking" onto my wirelss net (or at least make it difficult) > # > > After some research, and asking people around, I think this is the > setup I can live with: > 1. Use my existing Linux gateway; add a WiFi > card to it so it can also be the gateway of the wireless nodes. > 2. Use Ad-Hoc mode
Should work although since I have a router and card I use Infrastructure Mode. > 3. Enable WEP encryption As you noted below, this will slow down your connection significantly. If you will tunnel everything through ssh though then maybe you don't need this? > 4. SSH tunnel everything from the wireless nodes -- HTTP, POP/SMTP, etc. Another possibility is to set up a VPN from your wireless node to your gateway. This may also address the issues you're asking about in the following lines. And shouldn't this also cover all our bases, e.g. piggy-backing on connection & off-the-air sniffing? > > With this setup, overall application-level bandwidth will decrease by > more than 50%. But I'd rather have that than find out one day that a > rouge user had messed up with my setup (It's my paranoia working > here.) > > Questions: > 1. If I ssh-tunnel HTTP, I guess I need to have something in the > gateway to proxy all HTTP requests. Is SQUID the answer? > > 2. As with G.T.'s #5 in his to-do list, I'm still at lost with how to Samba-share > files from the Linux box. One article I read suggest that NetBEUI is > used as opposed to TCP/IP when sharing Windows folders. Now, does > anyone know if Samba can ride on NetBEUI? > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
