LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-14-2003, 09:53 PM   #1
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
wireless concerns: is a VPN the solution?


i'm concerned with the security of my wireless LAN in my apartment. i haven't managed to set any encryption up yet, as i am quite confused with how to do it under hostap (i have a netgear 311A acting as an AP). from what i have read about the WEP that's available i am to understand it is quite insecure. for this reason i'm now interested in a VPN over wireless (screw the WEP), but have no clue where to start reading.

my mail goal is to increase my wireless security, which is currently at about nil. any suggestions on where to start would be awesome.

i can't stop thinking about ninjas and thx for reading,
y-p
 
Old 09-16-2003, 07:30 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,454
Blog Entries: 54

Rep: Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896Reputation: 2896
Here's some LQ search results for wireless security. Also have a look at "Linux and wireless LANs" at http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/ , the "Security software for your Wireless LAN" and security FAQ's under "Other Linux Wireless Howtos and help". IIRC the HOWTO section also has one on Hostap.

Other links (you might have read already):
Wireless LAN Security: A Short History: http://www.oreillynet.com/pub/a/wire.../security.html
Seven Security Problems of 802.11 Wireless: http://www.oreillynet.com/pub/a/wire...5/24/wlan.html
Linux 802.11b and wireless (in)security: http://www.linuxsecurity.com/feature...ss-kismet.html
(In)security of the WEP algorithm: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP: http://www.cs.rice.edu/~astubble/wep/

Tools listing like WaveStumbler, Kismet, WEPcrack, Airsnort etc etc: http://www.networkintrusion.co.uk/wireless.htm
 
Old 09-16-2003, 09:51 AM   #3
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
thx for the links unSpawn

y-p
 
Old 09-16-2003, 11:14 AM   #4
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
there are a few solutions available but I found the easiest for me was to firewall off the AP allowing only the specified MAC addresses of my cards. I check the logs for strange attempts, times, etc. I figure if someone has enough time and skill to forge MAC addresses I have other things to be concerned with. Plus I think I would notice someone parked out front that long or the dogs would chase 'em down.

an apartment...different story.
 
Old 09-16-2003, 11:38 AM   #5
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Original Poster
Rep: Reputation: 30
cyph, i've already set the MAC matching on my router/firewall, but there is the issue of my living in an apartment building... i'm to understand that MACs and IPs are sent as plaintext on a wireless network, so that if anyone is listening w/ kismet, etc., they can sniff the MACs and jack my wireless connection. and based on the spatial considerations in the building, that's just about anybody with a laptop.

if i had more space (like cyph), i wouldn't be as concerned. it's still a fun game though: how locked down can i make my security setup? it's a personal challenge of sorts, and since i've stopped playing video games, this is what i'm up to .

thx for the input cyph,
y-p
 
Old 09-16-2003, 01:43 PM   #6
coontie
Member
 
Registered: Jun 2003
Distribution: Fedora Core 5
Posts: 100

Rep: Reputation: 15
are you trying to make sure nobody reads your traffic or that nobody gains access to your router and browses the web for free? If former, then just use VPN and segment it on a separate DMZ. If latter, then you're out of luck. It takes 1.45 seconds to change a mac address. Even less to discover a list of macs allowed with kismet/Airopeek.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CISCO VPN client install solution daehenoc Linux - Software 3 10-17-2005 09:55 PM
Setting VPN as an Anti-Filtering solution sarmadys Linux - Networking 0 05-27-2005 08:44 AM
ppp, and or vpn routing solution scheidel21 Linux - Networking 5 01-31-2004 11:10 AM
Multiple Windows PPTP Clients/Easy VPN Solution??? Tarantismic Yak Linux - Security 5 04-17-2003 01:24 PM
Good VPN solution tarballedtux Linux - Security 1 11-01-2002 08:45 AM


All times are GMT -5. The time now is 08:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration