Jeremy Levy <[EMAIL PROTECTED]> wrote:
>Might want to try www.joltage.com, they are primarily involved in
>setting up a commercial network, however you can download their software
>for free, there is an option in the software to make your Hotspot free
>for all... The software is very easy to set up, they also make a Windows
>and Linux version..

The more I look into this, the more I think I need a full (and frank!)
analysis of the potential risks and rewards of various setups.

I think a key requirement is for a home user who wants to share a
Cable/DSL line. This sharing is with other PCs under their control.
These PCs need full access to each other and to the DSL line. There is
then a secondary need which is to share with occasional users. We would
like to encourage this so that there are lots of WiFi hotspots
available. But we must recommend setups that are safe and secure.

So I see a few key threats.
- Guest leeches all the bandwidth
- Guest connects to the ISP's SMTP server behind the DSL to send dubious
  emails
- Guest connects to the ISP's NNTP server behind the DSL to send dubious
  usenet posts
- Guest captures un-encrypted ID-Passwords such as POP3, FTP et al from
  the secure PCs.
- Guest hacks into the secure PCs
- Guest breaks the ISP's AUP in some other fashion.

So I think what is needed is a proper 3 NIC firewall something like
this.

               /- Dirty WAP for public access
DSL - Firewall
               \- Secure LAN - Secure PCs on Ethernet
                           \
                            - Secure WAP running WEP and MAC checking
                              - Secure PCs on WiFi

The firewall may run software like Joltage, but mainly it applies
additional rules on the dirty WAP
- Some authentication like NoCatAuth
- Bandwidth shaping
- Blocking POP3-SMTP-NNTP access to the ISP's servers
- Blocking all access to the Secure LAN.
- Logging connections

My understanding is that this is all relatively (heh!) easy to set up
with nix-IPchains-NoCatAuth. It's also pretty much impossible to set up
with Windows.

If all this is old and re-doing previous discussions, feel free to point me
at a URL.

--
Julian Bond Email&MSM: [EMAIL PROTECTED]
Webmaster: http://www.ecademy.com/
Personal WebLog: http://www.voidstar.com/
CV/Resume: http://www.voidstar.com/cv/
M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
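
The blocking and logging items from the rule list in the message above, written out as an added example that is not part of the original post. It substitutes iptables for the ipchains the post mentions, leaves out NoCatAuth and bandwidth shaping, and assumes the interface names, subnet and ISP server addresses shown (all constructed).

```shell
#!/bin/sh
# Added example: guest-leg filtering for a three-NIC firewall (dry run by default).
# All interface names and addresses below are constructed for illustration.
GUEST_IF=eth2                          # NIC to the dirty (public) WAP
WAN_IF=eth0                            # NIC to the DSL line
SECURE_NET=192.168.1.0/24              # secure LAN, wired and WEP/MAC-checked WiFi
ISP_SERVERS="192.0.2.25 192.0.2.119"   # placeholder ISP mail/news server addresses

guest_rules() {
    # One chain holds the whole guest policy so it can be audited in one place.
    echo "iptables -N GUEST"
    echo "iptables -A FORWARD -i $GUEST_IF -j GUEST"
    # Replies to connections the guest was allowed to open.
    echo "iptables -A FORWARD -o $GUEST_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Block all access to the secure LAN, logging each attempt first.
    echo "iptables -A GUEST -d $SECURE_NET -j LOG --log-prefix guest-lan:"
    echo "iptables -A GUEST -d $SECURE_NET -j DROP"
    # Block SMTP (25), POP3 (110) and NNTP (119) to the ISP's servers.
    for srv in $ISP_SERVERS; do
        m="-p tcp -d $srv -m multiport --dports 25,110,119"
        echo "iptables -A GUEST $m -j LOG --log-prefix guest-isp:"
        echo "iptables -A GUEST $m -j REJECT --reject-with tcp-reset"
    done
    # Log each new outbound connection, then allow traffic out of the DSL side only.
    echo "iptables -A GUEST -o $WAN_IF -m conntrack --ctstate NEW -j LOG --log-prefix guest-new:"
    echo "iptables -A GUEST -o $WAN_IF -j ACCEPT"
    # Anything else from the guest leg is dropped.
    echo "iptables -A GUEST -j DROP"
}

case "${1:-}" in
    --apply) guest_rules | sh ;;   # run as root on the firewall
    *)       guest_rules ;;        # default: print the rules for review
esac
```

Rule order matters: the secure-LAN drop and the ISP server rejects sit before the general accept, so a guest packet never reaches it. Traffic addressed to the firewall itself passes through INPUT, which these rules do not cover.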