[TriLUG] Wireless security connundrum

Josh Vickery josh at vickeryj.com
Mon May 29 10:09:35 EDT 2006 

The simplest solution I can think of it to require WEP on the access
point.  The Aironet may not support MAC filtering, but I suspect it
supports WEP.  WEP may not be very good protection, but neither is MAC
filtering.  Even on a WEP or WPA network wireless clients broadcast
their MAC addresses in the clear, and MAC addresses are not difficult
to spoof/copy.

The next simplest solution would probably be to replace your wireless
access points with one of the Linux running flashable Linksys routers.
 I've not run one myself, but plenty of people on the list have had
good success with them.
http://www.seattlewireless.net/index.cgi/LinksysWrt54g

Alternately you could use your Aironet behind some sort of routing
device  You say you don't want to add anything to your rack, but
perhaps you can make use of something that is already there.  All you
need is a computer with 2 network interfaces.

If you decide to go the router route, the simplest solution I can
think of is an "authenticating gateway."  This would not keep people
off of your access point (unless you ran it on the access point
itself) but it would keep them from moving beyond the wireless.
http://www.faqs.org/docs/Linux-HOWTO/Authentication-Gateway-HOWTO.html

Alternately, you could run a VPN server and require wireless clients
to pass through that to get beyond the WAP.  This is more complicated,
but has the advantage of being able to encrypt all of your wireless
traffic in a rather robust way.
http://openvpn.net/

Josh

On 5/24/06, Andrew Hunt <andy at pragmaticbookshelf.com> wrote:
>
> Hi all.
>
> I've got a wee problem I'm hoping ya'll can shed some light on, or at
> least point me in the right direction.
>
> I've got two wireless access points:
>
> 1) An ancient Aironet 4800E base station
> 2) A new Linksys one
>
> I would like to tighten up security and allow only designated MAC
> addresses access to the wireless, but I can't see how to do that on
> the older Aironet.
>
> It's a piece of cake on the new Linksys, but the Linksys has an
> effective range of about six feet (no joke), and the older (and wide
> open) Aironet comfortably blankets almost my entire 3 story house.
>
> I'd rather not stick yet another piece of hardware in the mix (I'm
> trying desperately to empty my full-size rack).
>
> Any clever suggestions?
>
> /\ndy
>
>
>
>
>
>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>

More information about the TriLUG mailing list