[ale] wireless security

Daniel Howard dhhoward at comcast.net
Fri Apr 6 10:24:38 EDT 2007


On Fri, 2007-04-06 at 18:35 -0400, Warren Myers wrote:
 > > but if the vpn is going over the open wap... it still doesn't handle
 > > securing the machines on the wap.. only the data transferred across
 > > the connection after the connection is made
 > >
 > > vpn on top of wpa2/radius is a good solution, though

 > The vpn serves as both data encryption process and, if using x509
 > certificates, also serves as user identification for network access
 > (although that is very tricky to set up). Basically, the VPN is used to
 > handle the data security that wireless does not have. If you have a
 > signed certificate trusted by the vpn head AND you have the password to
 > unlock your certificate, you are who you claim to be and are allowed to
 > access the network. Everything else gets routed to /dev/null.

 > In reality, 99% of all network traffic is web surfing. So who cares
 > about the security of the data anyway? The other 1% is security
 > sensitive and must be protected with strong encryption that has passed
 > the tests of the crypto gurus. Openswan and Strongswan are considered to
 > be secure vpn tools.

Hmm, my brother-in-law likes OpenVPN, and said it was a piece of cake to
set up. I'll ask him why he picked that one over Openswan or Strongswan.

-- 
Daniel Howard
President and CEO
Georgia Open Source Education Foundation


