[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to secure access to WLAN?


  a couple of words about my boxes set up at home. I have one box, rock,
connected to a dsl-router on one interface, outside interface, and the 
boxes on another interface, inside interface. On rock I use
shorewall/iptables for NAT and blocking all incoming tcp/ip connections. So 
far so safe, I

  (Un)fortunately I also have a wlan access point plugged on to the inside
interface. I am currently using WEP128 with shared keys on a netgear 802.11/g
access point to encrypt the traffic.
I am running a wide range of protocols from different devices though the
access point. Some devices, like my palm tungsten c, do know about vpns, some
computers like the notebooks friends bring over don't (at least not yet). If I
can't get the latter solved, that would be acceptable to me. Still I would
appreciate having a solution for that too. As I am with it, I also hate to 
away the WEP encryption keys to my visitors. This is not so much a matter of
lack of trust, but it doesn't feel the right way to me.

  From what I've read so far this is pretty unsafe (the WEP part).

  Sniffing through a couple of messages I got the feeling that setting up a
vpn would be the solution to at least my major concern, getting rid of WEP.  

  Would this be the right approach?

  Did anybody do this and cares to share the experience made?

  Was it hard to implement?

  I am not an admin wiz. Do I need to in order to get a small and simple vpn
up and running?

  Would I need a third network card to put into rock in order to separate
the wlan clients "physically" and ease setting up things with the vpn and the

  What about performance? I'd like to play online games over wlan and am
concerned about latence.

  I am not looking for something sophisticated for the sake of technology
per-se. Quite on the contrary I just want nobody browse my filesystem/samba
shares. If there is something easier and still safe, I would go for it.

  Would it make sense instead of utilzing a vpn to to run some kind of
authentication over http first and what would that mean in terms of effort to 
it going?

  That were a lot of questions. All hints are appreciated.


Reply to: