
Re: How to secure access to WLAN?



On Wed, 2003-10-08 at 03:34, Paul Johnson wrote:
> On Wed, Oct 08, 2003 at 01:16:34AM -0700, Tom wrote:
> > Can you recommend an ideal network setup?  I've given up on wireless 
> > because I don't feel like building a DMZ at home.
> 
> You suggested the only possible solution if you want wireless with
> something resembling security for your wired segments.

Actually, MAC filtering is a rather secure way to run a wireless setup.
It's a hell of a lot better than WEP at least. For a good chuckle at the
expense of WEP, apt-cache show airsnort. :)

Another alternative, though I don't know how well (if at all) it's
supported under Linux, is WPA. Unfortunately, that system is only as
secure as your users make it. To borrow an old WW II slogan, "loose lips
sink ships".

MAC filtering should, theoretically at least, be the perfect protection.
Then again, wired NICs are supposed to have hard-coded MAC addresses,
and quite a few of them nowadays are at best coded in (modifiable)
firmware, and at worst dictated by user-land software. So that only
holds up for as long as wireless manufacturers don't slack off too much.
But what the previous responses said still holds true. Either put a
firewall between your AP and your network, OR, better yet, don't get in
the habit of leaving unsecured machines on the network, even if they are
in the DMZ. I try to give equal security consideration to all machines,
regardless of whether they're currently "open for attacks". Because,
inevitably, at some point they WILL BE, and at that point you don't want
any easily exploitable security holes.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
