[PLUG] Wireless Access Point Security

Keith Lofstrom keithl at kl-ic.com
Sun Apr 25 05:56:08 UTC 2010


> Paul Mullen wrote:
> >At some point you need to compare the cost of all these security
> >measures to their supposed benefit. What is the probability that
> >anyone cares enough about gaining access to your network that they'd
> >go to all the trouble of sniffing out the SSID, MAC addresses,
> >cracking your WEP, etc.? Rather quite low, I'd bet. It may be a better
> >use of your time to focus on host security instead.
> 
On Sat, Apr 24, 2010 at 12:56:26PM -0700, Richard C. Steffens wrote:
> Probably right. For years I've counted on my router hiding my house from 
> the outside world. I do have trouble getting from one machine to another 
> inside the house, sometimes (XP machines talking to Linux machines) but 
> I haven't put the effort into understanding all the issues involved in 
> good network security.

Since I can't evaluate them, I assume any wireless security system
is subject to careful observation and side-channel attack.  Protocols
come in two flavors - compromised, and soon-to-be-compromised.

So, I run my wireless system open, without encryption, on a DMZ port
on my ALIX router.  I use the same process to connect to my inside
systems via wifi as I am doing from the Sunnyvale Motel 6 room I
am in now - VPN and SSH.   Same weak link, same strong protocols.

     Open wireless access point on DMZ Port
                       |
Verizon WAN Port ---- ALIX ---------------- wired LAN Port
             <---- VPN ---->
               <-- SSH -->

Keith


-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs



More information about the PLUG mailing list