soccer2k2
02-14-2005, 10:10 AM
Hi, I am new here. I just want to get an idea of peoples viw of wireless security. What seems to be the most secure setup you have come across?
thanks
thanks
Click to See Complete Forum and Search --> : whats the most secure Wi-Fi setup?
wirelessoceans
02-18-2005, 05:09 PM
Hi,
Heres my 2 cents,
Generally WPA is the highest form of security available on a consumer level but is more difficuult to implement than the other simple methods.
A combination of simple security measures will increase the level of saftey of your personal network. Using these four common measures together will be a good start, MAC filtering, enabling a firewall, 128 bit WEP and no SSID broadcast. The more often you change your WEP key the more secure.
Internet is inherently insecure, wheter wireless, cable or dsl. Often times dsl and especially cable broadband is less secure that wireless because people fail to implement any security measures on these services.
To be sure that you keep sensitive data secure I reommend to all users on any network to only send important information via SSL , keep their personal firewall enabled, and use VPN's if possible, especially when connecting to remote offices networks.
Heres my 2 cents,
Generally WPA is the highest form of security available on a consumer level but is more difficuult to implement than the other simple methods.
A combination of simple security measures will increase the level of saftey of your personal network. Using these four common measures together will be a good start, MAC filtering, enabling a firewall, 128 bit WEP and no SSID broadcast. The more often you change your WEP key the more secure.
Internet is inherently insecure, wheter wireless, cable or dsl. Often times dsl and especially cable broadband is less secure that wireless because people fail to implement any security measures on these services.
To be sure that you keep sensitive data secure I reommend to all users on any network to only send important information via SSL , keep their personal firewall enabled, and use VPN's if possible, especially when connecting to remote offices networks.
M/Q
02-26-2005, 01:26 PM
The only important security advantage that a wired connection has over a wireless is that the signal is restricted to the wire.
So, I always try to stress how important it is to keep the coverage area of your wireless node as large as required to accomplish the tasks you need and no more. If the signal cannot be recieved it cannot be compromised. It is really that simple.
So, I always try to stress how important it is to keep the coverage area of your wireless node as large as required to accomplish the tasks you need and no more. If the signal cannot be recieved it cannot be compromised. It is really that simple.
sniper
02-28-2005, 02:14 AM
Hi you can try using WPA-PSK if you are not using a radius server for simplicity else you can go in for WPA with 802.1X eap authentication, but as on date 802.11i is the strongest as it uses AES and not wep any more, with authentication from radius servers, key hashing(MIC & TKIP).
umdivx
04-06-2005, 01:01 PM
Just thought i'd post my "secure" wireless setup:
I've got a linux box running IPcop firewall which is running FreeRadius
Then I've got a Dlink624 router connected to the network behind the IPcop box
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
Then to top it off I am running an SSL VPN tunnel from my wireless connected laptop to the IPcop firewall box to further secure all packets transfered wirelessly.
to those of you who think I am paranoid, NO I'm not I was just bored at home drinking a few beers and got a bug up my $#% and decided to play around with that, plus it gives me a new service to office to my clients that want further wireless security.
-Josh
I've got a linux box running IPcop firewall which is running FreeRadius
Then I've got a Dlink624 router connected to the network behind the IPcop box
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
Then to top it off I am running an SSL VPN tunnel from my wireless connected laptop to the IPcop firewall box to further secure all packets transfered wirelessly.
to those of you who think I am paranoid, NO I'm not I was just bored at home drinking a few beers and got a bug up my $#% and decided to play around with that, plus it gives me a new service to office to my clients that want further wireless security.
-Josh
sniper
04-07-2005, 01:00 AM
Hey,
That's pretty much more than secure & will take a dude millions of years to crackdown just AES, frgt the rest MD5, ISAKAMP IKE, Sha1 & stuff that you use in the VPN. On top of it Mr. Firewall out there must be wondering what am I doin here when so much secure stuff is passin by me. Its like NYPD, FBI, Interpol all put together for safeguarding your data.
This one's ideal for defence services networks.
BTW hom much did it cost you? This amount's gonna touch the sky i guess.
Keep Rockin.
That's pretty much more than secure & will take a dude millions of years to crackdown just AES, frgt the rest MD5, ISAKAMP IKE, Sha1 & stuff that you use in the VPN. On top of it Mr. Firewall out there must be wondering what am I doin here when so much secure stuff is passin by me. Its like NYPD, FBI, Interpol all put together for safeguarding your data.
This one's ideal for defence services networks.
BTW hom much did it cost you? This amount's gonna touch the sky i guess.
Keep Rockin.
umdivx
04-07-2005, 07:06 AM
Well the router was just the cost of old hardware, Im running an OS type install of a linux router software called www.ipcop.com
then installed a free linux version of radius.
and right now I am "borrowing" and Cisco 1200 B/G AP and testing a new IOS release that is beta testing 802.11i.
so really it hasn't cost me anything yet, it will cost me when I have to return the AP to work and get my own equipment.
-Josh
then installed a free linux version of radius.
and right now I am "borrowing" and Cisco 1200 B/G AP and testing a new IOS release that is beta testing 802.11i.
so really it hasn't cost me anything yet, it will cost me when I have to return the AP to work and get my own equipment.
-Josh
myWIFIzone
04-15-2005, 02:40 PM
Sorry for the blatant plug, but another option that does not cost anything is our new WIFI internet access blocker. Runs on any Win2K and XP machine exposed to the WLAN traffic (not just the gateway). You can download it from: http://www.myWIFIzone.com
JoeTampa
05-02-2005, 11:48 AM
Originally posted by umdivx
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
So you are using EAP-TLS? If not, what EAP-type are you using?
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
So you are using EAP-TLS? If not, what EAP-type are you using?
JoeTampa
05-02-2005, 11:58 AM
Originally posted by myWIFIzone
Sorry for the blatant plug, but another option that does not cost anything is our new WIFI internet access blocker. Runs on any Win2K and XP machine exposed to the WLAN traffic (not just the gateway). You can download it from: http://www.myWIFIzone.com
Not to sound ungrateful and all, but this product can be bypassed trivially. Further, if it is installed on a wireless PC, it can be knocked out of it's protection role entirely.
To anyone who plans to use this, just be aware that it's no better than the MAC filtering you've likely got in your AP - which is to say, only effective against the honest people.
- Joe
Sorry for the blatant plug, but another option that does not cost anything is our new WIFI internet access blocker. Runs on any Win2K and XP machine exposed to the WLAN traffic (not just the gateway). You can download it from: http://www.myWIFIzone.com
Not to sound ungrateful and all, but this product can be bypassed trivially. Further, if it is installed on a wireless PC, it can be knocked out of it's protection role entirely.
To anyone who plans to use this, just be aware that it's no better than the MAC filtering you've likely got in your AP - which is to say, only effective against the honest people.
- Joe
myWIFIzone
05-03-2005, 08:07 AM
Yes - it's not meant to replace WPA or WEP for stopping serious hackers. But our users seem to like the real-time blocking alerts rather than have to look at router logs. Next version will have a real-time intruder alerts feature which works in non-promisc. mode.
Tunasashimi
06-28-2006, 09:19 AM
Just thought i'd post my "secure" wireless setup:
I've got a linux box running IPcop firewall which is running FreeRadius
Then I've got a Dlink624 router connected to the network behind the IPcop box
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
Then to top it off I am running an SSL VPN tunnel from my wireless connected laptop to the IPcop firewall box to further secure all packets transfered wirelessly.
to those of you who think I am paranoid, NO I'm not I was just bored at home drinking a few beers and got a bug up my $#% and decided to play around with that, plus it gives me a new service to office to my clients that want further wireless security.
-Josh
Sounds cool, I want to try the same.
Can you give any advice / did you run into any trouble / make any obvious mistakes that you can have me avoid?
Do I just install Freeradius, run it, configure it, and wha-la!? Put the radius ip, in my APs, configure my wireless client driver, and off I go?
Terrifying how scarce legible info on the subject is on the net. So I suppose its terribly straightforward or terribly hard.... either one of the two ;)
I've got a linux box running IPcop firewall which is running FreeRadius
Then I've got a Dlink624 router connected to the network behind the IPcop box
I am running 802.11i (WPA-AES encryption) which is certificate base authentication with the authentication done through the radius server on the IPcop firewall box.
Then to top it off I am running an SSL VPN tunnel from my wireless connected laptop to the IPcop firewall box to further secure all packets transfered wirelessly.
to those of you who think I am paranoid, NO I'm not I was just bored at home drinking a few beers and got a bug up my $#% and decided to play around with that, plus it gives me a new service to office to my clients that want further wireless security.
-Josh
Sounds cool, I want to try the same.
Can you give any advice / did you run into any trouble / make any obvious mistakes that you can have me avoid?
Do I just install Freeradius, run it, configure it, and wha-la!? Put the radius ip, in my APs, configure my wireless client driver, and off I go?
Terrifying how scarce legible info on the subject is on the net. So I suppose its terribly straightforward or terribly hard.... either one of the two ;)
umdivx
06-28-2006, 10:34 AM
Sounds cool, I want to try the same.
Can you give any advice / did you run into any trouble / make any obvious mistakes that you can have me avoid?
Do I just install Freeradius, run it, configure it, and wha-la!? Put the radius ip, in my APs, configure my wireless client driver, and off I go?
Terrifying how scarce legible info on the subject is on the net. So I suppose its terribly straightforward or terribly hard.... either one of the two ;)
The hardest part was getting Freeradius up and running. Hower I have now found an easier solution.
I am running DD-WRT open source firmware on linksys WRT54G and Buffalo Tech WHR-HP-G54 wireless routers.
Both of those routers support the open source firmware from DD-WRT (www.dd-wrt.com) and once you install that firmware it gives you a wealth of additional features, one of which is a radius server.
So one you get one of those wireless routers, install the firmware, you can easily setup radius auth using WPA/WPA2 encryption and it works extreamly well.
- Josh
Can you give any advice / did you run into any trouble / make any obvious mistakes that you can have me avoid?
Do I just install Freeradius, run it, configure it, and wha-la!? Put the radius ip, in my APs, configure my wireless client driver, and off I go?
Terrifying how scarce legible info on the subject is on the net. So I suppose its terribly straightforward or terribly hard.... either one of the two ;)
The hardest part was getting Freeradius up and running. Hower I have now found an easier solution.
I am running DD-WRT open source firmware on linksys WRT54G and Buffalo Tech WHR-HP-G54 wireless routers.
Both of those routers support the open source firmware from DD-WRT (www.dd-wrt.com) and once you install that firmware it gives you a wealth of additional features, one of which is a radius server.
So one you get one of those wireless routers, install the firmware, you can easily setup radius auth using WPA/WPA2 encryption and it works extreamly well.
- Josh
wi-fiplanet.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.