Hello guys, after being a Linux User for several months I have taken the decision to create my own wireless network (I will be the server of course...).
I have some serious questions I need to ask:
1. How easy is it for an intruder to bypass my network's security (Firewall + Antivirus)?
2. Is there a "secure way" for me to create a secure wireless LAN?
3. Can you suggest any good Wireless Network Administration programs?
(NOTE: All other computers in the LAN will have Windows installed, so I need an Administration program that will be compatible with Windows but will run on my Linux Server...)
With the information you've given, it's difficult to give clear answers. For example:
- How many clients will be connecting?
- How much traffic will be going over the network? (e.g. normal home use or busy office use)
- How are you going to implement the firewall?
I'll have a stab at some pointers though.
Quote:
1. How easy is it for an intruder to bypass my network's security (Firewall + Antivirus)?
Depends how much security you have to bypass. If you have no open ports on the firewall, keep your computers patched up to date and the users are reasonably clued up on security (e.g. don't open unknown attachments), probably fairly difficult. If the firewall is misconfigured or any one of many other problems then possibly quite trivial.
Quote:
2. Is there a "secure way" for me to create a secure wireless LAN?
Using WEP (Wireless Encryption Protocol) is reasonably secure for low-traffic networks as long as you change the key on a regular basis. WEP can be cracked easily, but needs (I think) a few million packets to do so, so if your network isn't too busy, someone's got to eavesdrop for a long time. For more security, you could implement VPNs; someone who knows more about wireless might have some other suggestions too.
Quote:
3. Can you suggest any good Wireless Network Administration programs?
Originally posted by iainr:
With the information you've given, it's difficult to give clear answers. For example:
- How many clients will be connecting?
- How much traffic will be going over the network? (e.g. normal home use or busy office use)
- How are you going to implement the firewall?
- 4 Windows PCs
- Busy home use (Games etc.)
- I want to use an easily customizable GUI to configure my firewall, but I don't know any...
I would recommend using a dedicated device for firewall and wireless networking. For example, Linksys have some good, reasonably priced wireless routers with nice graphical front ends. For a home network that should be fine.
You might want a Linux box to act as a file & print server for your PCs, though it really depends on what you use them for - if mainly games machines then you might not really need that.
When you get your wireless router, remember that it probably isn't secure out of the box. Make sure you enable WEP as mandatory and that you have no ports open on the firewall.
Edited to add: for more complex environments there might be a case for running a separate firewall like IPCop, having proxy servers and so on. From what you've said, I doubt that's worthwhile in your case.
If you have specific questions, feel free to ask and I or someone else will do our best to answer.
If you want to keep it simple, buy a dedicated wireless router such as the Linksys I linked to earlier, plug it in and away you go. Once you're comfortable with that, look at adding additional components; but get that working first.
I would start simple like suggested. There are many good wireless appliances with built-in firewalls on the shelf at Best Buy. Just be sure to enable WEP. Plus all these come with a web admin interface.
If you want to start to go deeper try something like m0n0wall. You could go as crazy as setting up a hostap with RADIUS authentication but why for 4 systems?
Get a good Linksys, a few wireless cards and have fun learning.
Just a piece of advice: if you are going to rely on WEP, make sure to change your WEP keys AT LEAST once a month. If you live in an urban area where someone can sniff traffic relatively unnoticed, you need to religiously change them and do so frequently. Make sure to restrict association with the AP to only those hosts that use WEP. The default WEP setting on many wireless routers/APs is to allow either hosts using WEP or unencrypted traffic. So basically anyone could walk up to your house/office and get an IP by DHCP and immediately have access to the LAN and internet without knowing the WEP key.
If you are thinking about transmitting any kind of sensitive data/documents, I would definitely consider setting up some kind of encryption tunnel or something like CIPE where you are only encrypting the sensitive traffic, but isn't going to require implementing full LAN-wide encryption like FreeSWAN/IPsec or other VPNs would.