The UK Home Automation Archive | ||
| Archive Home | ||
| Group Home | ||
|
The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024 | |||
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Re: 802.11b / Consume...
Theres been a couple of articles on slashdot.org recently about wireless security and Ive been working on my own setup here. As far as I am concerned if you can run wep then its a good thing to do. Airsnort and the like require a large amount of traffic to be grabbed before the wep keys can be determined. With WEP, static IPs and a firewall with thoughtful rules in place then 95% of all those who attempt to crack your infrastructure will give up pretty quick. The more layers of security you can put in place the better because each layer will cause more to give up as the task becomes more complex. Oh, and dont ever forget to patch your firewall ;-) One other thing to note that if someone is watching your wireless system the minute you switch off an epod or fuji they could potentially spoof both the ip address and mac address. Id look to add another security layer or two on top. Alongside Patricks suggestion for web access from a particular ip address maybe also have the web server on your internal network expect a cookie as well to determine its a real MarkH machine. A simple little piece of code to implement but another gotcha for the would be hacker. Of course all this relates to wireless to internal network connections and not specifically to making your wireless vlan open to your adsl line. If you would want to make your adsl line open to your wireless lan maybe setup logging on your proxy to ensure you can see where people have been. I have no objection to people using my line as long as its nothing thats going to be causing me problems with the law or using up my entire pipe when i want to be downloading some software and the like ;-) Thanks kieran -----Original Message----- From: Mark Harrison [mailto:Mark.Harrison@xxxxxxx] Subject: RE: [ukha_d] Re: 802.11b / Consume... Duh - static IP addresses! Of course! Thanks, Patrick... that's the way I'll do it. I'm not really worried about sniffing. I only have about 5 devices that I want to be wireless, so they can have static IPs easily... while living on the DMZ. Regards, Mark
http://www.automatedhome.co.uk Post message: ukha_d@xxxxxxx Subscribe: ukha_d-subscribe@xxxxxxx Unsubscribe: ukha_d-unsubscribe@xxxxxxx List owner: ukha_d-owner@xxxxxxx List of UKHA Groups here - http://groups.yahoo.com/group/UKHA_Grouplists/ Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
|