Here you assume that you have some security by using WEP. WLANs are simply not secure, and should never be treated as a private network. They should always be treated like a public network and secured accordingly. E.g., place them behind a firewall with no routing between the private and the WLAN IP network, and open VPN tunnels into the private network. If by community network you mean a public access point to the Internet via 802.11 then just pop up some SSIDs and leave the WEP key off so people can just attach. (Without the hassle of cracking WEP.) -----Original Message----- From: Simon Waters [mailto:Simonat_private] Sent: Tuesday, July 17, 2001 16:15 Cc: pen-testat_private Subject: Replacing WEP was Re: Dsniff'ng wireless networks Someone is thinking of doing a community network with Wireless LAN. WEP seems to offer little in this environment, so thinking of replacing it with IP based encryption - sort of a public PKI. Assuming we can get users to switch of non-IP protocols on their client PCs (I know it is hard to right click network neighbourhood and pick properties), do we lose any security at layer two by not using WEP? i.e. Are we more vulnerable to some other types of attack - I'm guessing mostly DoS if any more are possible. But hey they can probably DoS more profitably by stealing the antennas from the relays and selling them. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 10:05:30 PDT