Re: Wireless Lans give EVERYONE ACCESS

[Erik Fichtner <techs () obfuscation org>]

On Thu, Aug 09, 2001 at 10:13:44AM +0200, Jonas Thambert wrote:
> WLAN is best used on a separate VLAN/NIC of the firewall in combination 
> with VPN into the rest of the internal networks.

Don't forget some kind of personal firewall on the devices in the WLAN 
segment. 

Additionally, you should run this with your default route on the other side
of the VPN gateway, and only allow traffic to your specific VPN router 
from your WLAN segment.

> The VPN authentication is best handled my RSA, safeword or biometric
> systems.

Indeed. The Timestep/Xylan/Alcatel VPN gateway is particularly nice in this
regard.. Certificate auth plus an additional RADIUS query. 

> Even then its not safe since it only takes 15 min to decrypt the
> 40-bits key. Maybe WEP2 128-bits key will solve that :-)

Heh. yeah. ~50 minutes.


-- 
                        Erik Fichtner; Unix Ronin
                    http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself.  Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw

Attachment: _bin
Description: