Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
i'm concerned with the security of my wireless LAN in my apartment. i haven't managed to set any encryption up yet, as i am quite confused with how to do it under hostap (i have a netgear 311A acting as an AP). from what i have read about the WEP that's available i am to understand it is quite insecure. for this reason i'm now interested in a VPN over wireless (screw the WEP), but have no clue where to start reading.
my mail goal is to increase my wireless security, which is currently at about nil. any suggestions on where to start would be awesome.
i can't stop thinking about ninjas and thx for reading,
Distribution: FreeBSD,Debian, RH, ok well most of em...
there are a few solutions available but I found the easiest for me was to firewall off the AP allowing only the specified MAC addresses of my cards. I check the logs for strange attempts, times, etc. I figure if someone has enough time and skill to forge MAC addresses I have other things to be concerned with. Plus I think I would notice someone parked out front that long or the dogs would chase 'em down.
cyph, i've already set the MAC matching on my router/firewall, but there is the issue of my living in an apartment building... i'm to understand that MACs and IPs are sent as plaintext on a wireless network, so that if anyone is listening w/ kismet, etc., they can sniff the MACs and jack my wireless connection. and based on the spatial considerations in the building, that's just about anybody with a laptop.
if i had more space (like cyph), i wouldn't be as concerned. it's still a fun game though: how locked down can i make my security setup? it's a personal challenge of sorts, and since i've stopped playing video games, this is what i'm up to .
are you trying to make sure nobody reads your traffic or that nobody gains access to your router and browses the web for free? If former, then just use VPN and segment it on a separate DMZ. If latter, then you're out of luck. It takes 1.45 seconds to change a mac address. Even less to discover a list of macs allowed with kismet/Airopeek.