OT: unathorized network user.

Bob Goodwin bobgoodwin at wildblue.net
Sun Jan 27 16:39:42 UTC 2008 

Tim wrote:
> Tim:
>   
>>> NB and NB well:  MAC filtering so your neighbour doesn't accidentally
>>> connect is NOT a SECURITY issue.  It doesn't matter, at all, if they try
>>> and connect when you've got good encryption.
>>>       
>    
>
> Bob Goodwin:
>   
>> Encrypt what?  Where do I start implementing encryption?
>>     
>
> The traffic.
>
> You can use WPA2 encryption on the wireless hardware, with good
> passwords/encryption keys.  I haven't recently gone looking to see if
> there's an easy crack for this, it's a while since I had to deal with
> securing someone else's network.  We cable things.  But going on prior
> examples, I don't hold much faith in it being uncrackable.  Lesser, and
> older, schemes are definitely no good, though (e.g. WEP).
>   
I just wanted someone to assure me that encryption meant  WEP/WAP 
whatever.  I thought there may have been something else I had missed.  
Actually I have little worry about anyone gaining access to our wireless 
LAN due to our remote location and the absence of nearby neighbors.  I 
know from experience that casual users with portables can't get into the 
system so my security is good enough to keep honest users from 
accidentally accessing this system.

We are however limited to WEP due to an old WET11 Ethernet adapter I put 
on the kids computer.  However as I said I don't consider the wireless 
as a likely security problem.
> Or, you can tunnel.  In this case, you need your access point to only be
> *between* the remote wireless devices and some controllable network
> device.  That other "controllable" part of your network is where you
> apply the restrictions.  If your access point is also your internet
> router, they'd have unfettered access to the internet.  You use an
> encrypted tunnel through unencrypted networks.
>   

This sounds like a "science project," at least it would be for me.  The 
Netgear router gives me a convenient point of control and enables me to 
block access as needed, allow only certain MAC addresses, etc.  I know 
none of this is high security, but probably enough for our purposes.  
Now if only I could get it to actually mail me it's logged data.  I told 
it to do so, but that doesn't work and I can't find the log files except 
via the browser screen?

Thanks. 

Bob Goodwin

More information about the fedora-list mailing list