[Novalug] best way to secure wireless?
Matt Ahrens
matt.ahrens at gmail.com
Mon Nov 27 15:48:11 EST 2006
Sorry about jumping in this one a little late, but in reference to legacy
hardware, the best solution I've seen is network segregation. If you're
locked into using weak encryption, limit exposure to additional
resources(firewall, NIDS, NIPS, etc), and/or implement some kind of VPN.
Something like SSL-Explorer comes to mind as a nice open source VPN
solution. Depending on your budget, i would consider developing multiple
WLANs for the different services to prevent your neighbors from accessing
unwanted sites from your networks.
Additionally, I would avoid both WEP and WPA whenever possible, in favor of
a WPA2 implementation. As WPA2 uses AES w/CCMP rather than RC4 which
generates easily crackable Keys/IV.
On 11/26/06, Brandon Saxe <brandon20va at yahoo.com> wrote:
>
> What's the best (in your opinion) way to secure wireless 802.11x networks
> in a mix hardware environment with the following support requirements:
>
> o Legacy hardware that consists of devices only supporting WEP 64 bit
> o Legacy hardware that consists of devices supporting WEP 64/128
> o Newer hardware that can do WPA
> o Linux/Windows clients
> o IPSec VPN clients that need to connect to outside networks
> o L2TP/PPTP VPN clients to outside networks possible
>
> Is there a way all this stuff can exist together on a secure, wireless
> network?
>
> Obviously, the least common denominator in this scenario is the WEP 64-bit
> devices. Is there a software solution you'd recommend?
>
> Thanks,
> Brandon
>
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://calypso.tux.org/pipermail/novalug/attachments/20061127/a01e302e/attachment.htm
More information about the Novalug
mailing list