[lug] wireless points in Boulder
Warren Sanders
sanders at montanalinux.org
Thu Apr 11 12:26:25 MDT 2002
Ferdinand Schmid wrote:
>John Hernandez wrote:
>
>>I know this is an older thread -- I saved the original message a while
>>back with the intention of replying sooner. In case anyone is
>>interested...
>>
>>A while ago I stumbled across a way of deploying inherently insecure
>>wireless networks with at least a bit of confidence. Essentially, you
>>can use a Linux box as an "authentication gateway/router" to
>>compartmentalize potentially untrusted users at the network layer.
>>
>>To WEP or not is essentially still the admins' and users' collective
>>decision, and is not directly related to the authentication issue
>>tackled here. Personally, I tend to rely strictly on end-to-end (ssh,
>>SSL) encryption for sensitive data, not trusting the intermediary
>>networks to do this for me.
>>
>This is how I have used 802.11b in the past. Initially I had hoped to
>use it for Windows users at our office but due to the security problems
>this never happened. Doing proper authentication and encryption that is
>transparent to Windows (and its users) isn't trivial and totally cheap
>;) So my access point remains strictly an admin ssh tool.
>
>Ferdinand
>
Most modern access points have the ability to allow access to only
authorized mac addresses. Is this method equal or less secure these
days, or has it been comprimised already too?
On that note, can one easily hack their nic to change their mac address?
I guess all your money riding solely on this measure would not be
advisable if mac address are being spoofed.
--
Warren Sanders
http://MontanaLinux.Org
More information about the LUG
mailing list