[ale] Practical Office Wireless (was Feedback on Wireless Standards)

Thu Mar 27 11:38:35 EST 2003

There've been a lot of good discussions over the past several months here about wireless security.Â  Probably worth your while too google up ale.com on some keywords and see what gems you can find.

A couple easy ones:

Use MAC filtering

Use 128 bit WEP.Â  It still takes time to crack it.Â  Time the vandal types probably don't have.

If your clients can handle it turn off BROADCAST

Consider turning off DHCP for the wireless segment and going static.

Change the SSID from the default settings to something that doesn't identify you or your companyÂ  (at least it might take the criminals extra time to figure out who they're hacking)

A VPN is the only real way to guarantee security.Â  Ok "guarantee".

Consider if you really only need the wireless net up during business hours.Â  If so shut it off at night and on the weekends when most war driving happens.Â  (with a timer)

Try that FakeAP thing that sends out multiple bogus AP IDs.

I think there some wireless auth schemes on freshmeat using DHCP events and such.Â  Worth a look.

Change your SSID every couple of months if you can.Â  Do what you can to make yourself a moving target.

Russ

Â 
Â 
Â 
_ ___________________________________ _
Russell Hogg
ctcrreho at opm.gov
Â 
Â 

-----Original Message-----
From: hbbs at attbi.com [mailto:hbbs at attbi.com] 
To: ale at ale.org
Sent: Thursday, March 27, 2003 11:01 AM
To: ale at ale.org
Subject: [ale] Practical Office Wireless (was Feedback on Wireless Standards)

Given an office setting in a typical office building, what is a typical *proper*
setup for the use of wireless to handle Windows laptops?Â  I'm particularly
concerned about security and Linux-friendliness on both the WAP and laptop ends.

We currently have a D-Link DWL-1000 11Mbps WAP and as far as I can tell, the
only real control that is placed on it is that the community string is set,
although I don't know if it has been changed from the default (I assume that
this "community string" also gets set somehow on the client side and acts as a
kind of password).Â Â  

We also have a couple of D-Link DWl520+ PCI wireless adapters on hand but I'm
unsure as to their usability under Linux.

Two things concern me:Â  RF "sniffability" (i.e., being able to capture and
understand wireless network traffic) and "freeloading" (i.e., providing Internet
and file server access to people upstairs, downstairs, in the parking lot, etc.Â  

Can anyone here clue me in or do I just need to go buy Bob's book? :)

- Jeff
> On Thu, Mar 27, 2003 at 10:09:45AM -0500, Kilroy, Chris wrote:
> > A: (+) faster and not as prone to interference
> >Â Â Â  (-) shorter range, more expensive
>Â  
> (-)Â  No adapters supported with Linux drivers
> (+)Â  many, many nn-overlapping ccahannels
> 
> > B:Â  (+) cheapest, decent range
> >Â Â Â  (-) prone to interference
> 
> (+)Â  Many adapters well-supported under Linux
> 
> > G:Â  (+) supposed to combine the best of both of the above
> >Â Â Â  (-)Â  standard not agreed upon yet, expensive.
> 
> (-)Â  No adapters supported with Linux drivers
> (-)Â  With any 802.11b devices throughput drops dramatically.
> 
>Â  - Pizza
> -- 
> Solomon PeachyÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â  pizza at f*cktheusers.org
>Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â  ICQ #1318444
> Quidquid latine dictum sit, altum viditurÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â  Melbourne, FL
> 
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

-------------------------------
--Â  Even though this E-Mail has been scanned and found clean ofÂ  
--Â  known viruses, OPM can not guarantee this message is virus free.
-------------------------------
--Â  This message was automatically generated.
-------------------------------mi