in reply to Re: Designing a sophisticated wireless application with perl.
in thread Designing a sophisticated wireless application with perl.

Like you said use WEP.

I wouldn't bother with WEP at all. Like you said, it's broken, and can only serve to give the illusion of security.

Lock down the AP to MAC addresses that should be allowed on the network.

I'm not a big fan of restricting by MAC addresses. An attacker can just sniff your network for a while to figure out what MAC addresses are being allowed and then change the MAC address on their own card.

In addition to WEP (which is breakable) use a VPN solution from client to the Firewall. PPTP or IPSEC clients and servers are fairly available for most platforms.

Now we're getting somewhere. VPN, IPSec, and SSH tunnelling are probably the only good ways to secure a wireless network.

I've also heard of a project that, using two or more antennas, triangulates the position of a client on the wireless network. This allows you to restrict people on your network by their physical location. (Sorry, I heard about this from a LUG meeting, so I don't have a link. The theory is sound, though.)

Re: Re: Re: Designing a sophisticated wireless application with perl.
by waswas-fng (Curate) on Dec 04, 2002 at 19:31 UTC
    I suggest using WEP because it will add a hurdle to a possible attack; even with 40-bit WEP it can take quite a while to gather enough weak packets to break the key. Most APs have updates that lower the amount of weak packets that are generated. MAC address filtering on the AP only makes the solution more secure by requiring the attacker (after breaking WEP) to _see_ an active client bound to the AP to know its MAC. It adds a small step, but for the little amount of work it takes to set up it is worth it IMHO. As far as triangulation of the client, I have seen some demos and logic behind it, but I am not sure that that would fit in with the original poster's concept of "outside the building" =)

    I guess my bottom line is:
    Make as many hurdles for an attacker to jump over as possible -- With the items I suggested all in place the three "weakest links" in the whole picture are the laptop being used as the client, the person with the password using the laptop, and the physical server.

    -Waswas