I've got broadband internet and a Linksys WRT54G wireless router that all of my household computers are connected with. All use WPA2, except my desktop with Netgear WG311v3 (pci) seems to only be able to connect w/ WPA. I'm assuming that this weakest link is making my security weaker, correct?

I've got Zoneminder running on a Debian 5 notebook, and an Airlink101 wireless camera (AICN500W). If I can get my second wireless adapter working, I'd like to have the camera on a different subnet with a different encryption key using WPA2 to make it more secure. The idea is it could only be accessed through the Linux computer adding another layer of security, and it would be more secure because that subnet would only have one WPA2 connection.

Does any of this make sense? Is there something better that I should be doing to accomplish what I have set out to? The last thing in the world I want is someone gaining access to a security camera inside my home.

Thanks

Why are you using wireless for security cameras??

Unless the cameras themselves are capable of encryption, it seems that anyone who is interested, could catch the analog signal to your computer.

I'd use wires.. then worry about wpa2... less.

If I've been reading the articles right, the vulnerable bit of WPA is WPA/TKIP. WPA/AES seems to be resistant to the cracks that were published a year or so ago, so if your hardware can support WPA/AES then I think the security is probably acceptable.


Of course if the problem is the Netgear card, replacing it with one that does support WPA2 is also a viable option.

There is no security from using a subnet.

The camera does WPA2 encryption ... or are you describing a camera that would encrypt the image then send it?
What can I do with two network adapters and a Linux computer to accomplish this isolation, then?

Well, does the camera do encryption.. BEFORE it is transmitted?

Even so.. for maximum security, in my situations.. I would never send CERTAIN encrypted info-- if possible, over the airwaves, where keys and the ability to de-crypt the data would be increased a zillion fold, as compared to a hard wired set up.

I'm going to disagree here. Isolating certain functions into their own subnet does provide a degree of security for functions NOT on that subnet should that subnet be cracked. Of course that does assume that all the subnets are themselves properly secured and monitored so that if trouble occurs on one, it is noticed before it can spread.

Real or virtual networks isolate traffic.

Only a secure endpoint to endpoint connection might be termed a secure subnetted connection. But by that definition it would end up being a VPN anyway and we are back to line one.

We might be getting off on lan segmentation too here.

Moved: This thread is more suitable in Linux Security and has been moved accordingly to help your thread/question get the exposure it deserves.

hellbilly, have you done anything else with this.. or come to any conclusions or ideas?

Not yet. Thanks for all of the responses. I can't do anything until I can get the second adapter working in the computer, and I haven't. Also, at the moment I'm fighting w/ pvrusb2 driver for Hauppauge WinTV. I'll have to come back to this.