RE: Wireless Lans give EVERYONE ACCESS

From: Jonas Thambert (JonasTat_private)
Date: Mon Aug 13 2001 - 04:35:55 PDT


    Of course, anti-virus/personal firewall protection is a must. Setting
    up anti-spoof protection is also a regular sysadmin duty, even
    if it's not a WLAN interface.
    
    Anyway, the only usage for WLAN as I see it is in combination with VPN.
    
    http://www.cs.rice.edu/~astubble/wep/wep_attack.html
    
    jonas 
    
    -----Original Message-----
    From: Erik Fichtner [mailto:techsat_private] 
    Sent: 10 August 2001 20:46
    To: Jonas Thambert
    Cc: 'Conal Darcy'; Russell Handorf; VULN-DEVat_private;
    bugtraqat_private
    Subject: Re: Wireless Lans give EVERYONE ACCESS
    
    
    On Thu, Aug 09, 2001 at 10:13:44AM +0200, Jonas Thambert wrote:
    > WLAN is best used on a separate VLAN/NIC of the firewall in combination
    > with VPN into the rest of the internal networks.
    
    Don't forget some kind of personal firewall on the devices in the WLAN 
    segment. 
    
    Additionally, you should run this with your default route on the other side
    of the VPN gateway, and only allow traffic to your specific VPN router 
    from your WLAN segment.
    
    > The VPN authentication is best handled by RSA, safeword or biometric 
    > systems.
    
    Indeed. The Timestep/Xylan/Alcatel VPN gateway is particularly nice in this
    regard.. Certificate auth plus an additional RADIUS query. 
    
    > Even then it's not safe since it only takes 15 min to decrypt the 
    > 40-bit key. Maybe WEP2 128-bit key will solve that :-)
    
    Heh. yeah. ~50 minutes.
    
    
    -- 
                            Erik Fichtner; Unix Ronin
                        http://www.obfuscation.org/techs/
    "The reasonable man adapts himself to the world; the unreasonable one
    persists in trying to adapt the world to himself.  Therefore, all progress
    depends on the unreasonable." -- George Bernard Shaw
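
The layout discussed in this thread (WLAN on its own firewall NIC, anti-spoof filtering, and only VPN traffic to one gateway allowed out of the WLAN segment) sketched as an nftables ruleset. This is an added example, not configuration posted by anyone in the thread; the interface name, the addresses (documentation ranges) and the choice of IPsec with NAT-T as the VPN protocol are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed, not from the thread: interface name, addresses,
# and IPsec (IKE, NAT-T, ESP) as the VPN protocol.

define wlan_if  = "wlan_dmz"       # firewall NIC facing the access points
define wlan_net = 192.0.2.0/24     # WLAN segment
define vpn_gw   = 198.51.100.10    # the only host WLAN clients may reach

table inet wlan_isolation {
    chain forward {
        # Policy stays accept: rules for the other segments live elsewhere.
        type filter hook forward priority filter; policy accept;

        # Anti-spoof: packets entering on the WLAN NIC must carry a WLAN
        # source address, and WLAN addresses seen elsewhere are forged.
        iifname $wlan_if ip saddr != $wlan_net counter drop
        iifname != $wlan_if ip saddr $wlan_net counter drop

        # WLAN -> VPN gateway only: IKE, NAT-T and ESP.
        iifname $wlan_if ip daddr $vpn_gw udp dport { 500, 4500 } accept
        iifname $wlan_if ip daddr $vpn_gw meta l4proto esp accept

        # Anything else leaving the WLAN segment (IPv6 included) is
        # logged and dropped, so a client that skips the VPN gets nowhere.
        iifname $wlan_if log prefix "wlan-blocked: " counter drop

        # Towards the WLAN: only replies from the VPN gateway.
        oifname $wlan_if ip saddr $vpn_gw ct state established,related accept
        oifname $wlan_if counter drop
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # The firewall itself offers the WLAN segment DHCP and nothing
        # else. DHCP is matched first because requests come from 0.0.0.0.
        iifname $wlan_if udp dport 67 accept
        iifname $wlan_if counter drop
    }
}
```

The counters on the drop rules and the "wlan-blocked: " log prefix show which clients are trying to reach anything other than the VPN gateway.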
    


