Re: Wireless Lans give EVERYONE ACCESS

From: Erik Fichtner (techsat_private)
Date: Fri Aug 10 2001 - 11:46:08 PDT

  • Next message: Meritt James: "Re: Winnt/Win2k Vuln ?"

    On Thu, Aug 09, 2001 at 10:13:44AM +0200, Jonas Thambert wrote:
    > WLAN is best used on a separate VLAN/NIC of the firewall in combination 
    > with VPN into the rest of the internal networks.
    
    Don't forget some kind of personal firewall on the devices in the WLAN 
    segment. 
    
    Additionally, you should run this with your default route on the other side
    of the VPN gateway, and only allow traffic to your specific VPN router 
    from your WLAN segment.
    
    > The VPN authentication is best handled my RSA, safeword or biometric
    > systems.
    
    Indeed. The Timestep/Xylan/Alcatel VPN gateway is particularly nice in this
    regard.. Certificate auth plus an additional RADIUS query. 
    
    > Even then its not safe since it only takes 15 min to decrypt the
    > 40-bits key. Maybe WEP2 128-bits key will solve that :-)
    
    Heh. yeah. ~50 minutes.
    
    
    -- 
                            Erik Fichtner; Unix Ronin
                        http://www.obfuscation.org/techs/
    "The reasonable man adapts himself to the world; the unreasonable one
    persists in trying to adapt the world to himself.  Therefore, all progress
    depends on the unreasonable." -- George Bernard Shaw
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:18:03 PDT