Judicious use of the delete key is recommended for the uninterested.
A few suggestions based on experience obtained in the course of my
employment:
Don't rely on WEP to make your connection or data private, it only takes
a few hours of packet sniffing to crack the WEP key with publicly
available software (google for 'AirSnort'), it doesn't even require much
computer know-how to drive. Even trying to secure by limiting the MAC
addresses that can 'associate with' (connect to) the router or Access
Point (AP) is insecure as the MAC address can be overwritten by software
in most cases...
The only way to be really, REALLY secure is to treat the RF network as a
'hostile' network. Use of VPN's from the clients (with 'strong'
authentication) to a firewall between the AP, any wired network, & the
Internet (& blocking all other traffic) is the best way... All that
said, however, if they want in, they will eventually get in. you need to
try & make it too hard for them- thus keeping out the 'script-kiddies'-
the most likely persons to be doing this.
A couple of real world 'band-aid' suggestions:
* use the router as an access-point on the network (don't use
peer-to-peer if possible)
* use the lowest AP & NIC card RF output power consistent with reliable
operation at all locations, don't broadcast to the entire neighbourhood.
* use the highest encryption standard available to you.
* Limit the access to specific MAC addresses (hint: don't forget that
you have done this, you WILL pull your hair out for days wondering
why a new card/PC won't associate!!)
* Check logs frequently...
good luck...
davidt
On Sun, May 02, 2004 at 06:32:17PM +1000, dan@xxxxxxxxxxxxxx wrote:
> That being said, the 128-bit (or is it 256 or 512-bit? higher the
> better...) WEP should keep your network safe.
The olympus mailinglist olympus@xxxxxxxxxx
To unsubscribe: mailto:olympus-request@xxxxxxxxxx?subject=unsubscribe
To contact the list admins: mailto:olympusadmin@xxxxxxxxxx?subject="Olympus
List Problem"
|