Re: OT: Wireless questions

On Sat, 6 Aug 2005, David Purton wrote:

> I know, way OT, but I thought I'd pick people's brains on here anyway.
> I'm thinking about adding wireless connectivity to my home LAN.
> At present it looks like this:
>       +--------+
>       | switch |-- wired private network
>       +--------+
>            |
>          eth0
>            |
>   +-----------------+
>   | debian linux    |          +------------+
>   | server/firewall |-- eth1 --| adsl modem |-- internet
>   | gateway/router  |          +------------+
>   +-----------------+
> What is my best option?
> I was thinking of just putting another ethernet card in my server and
> getting a wireless access point to attach to it.

by server, i assume you mean your debian box

it'd be better to add a hub/switch between the dsl router and
your debian box and plug your wifi card into a 2nd 386-based PC
or buy a linksys wt54g with a modified firmware

> Then I could only allow
> traffic through to/from the wired network through a VPN (probably using
> openVPN, since I have used this before and it's easy enough to
> configure).

wireless traffic over vpn is good and bad

good.. that they cannot see its content in clear text, but
since it's vpn, they have access anyway unless you close off the
vpn to allow just one mac address
	- good, always run wifi devices over ssh or vpn .. BUT ..

anything you can do .. they can do too ..  even more so if you don't
use any passwd or pass phrase, so it'd be pointless
	- passwdless login is a free use-any-time key to the cracker

they are the van outside the house or around the corner or behind the
house or at starbucks or the high powered wifi antenna on the mountain top

> What are the disadvantages of doing it this way?

what is important to you would decide which is better ...
	- time
	- ease to setup
	- data security
	- getting fired from the company because a cracker got
	into the corp lan from your wifi home network

endless tons of disadvantages no matter which way you do it

i opt for data and login security first ... time and costs are secondary
or non-issue ... data cannot be replaced/bought unless your backup
scheme is self checking and self correcting and secure

> And what hardware would you recommend to get this setup to play nicely
> with linux?

see above

any pci card will work

-- if you want your own AP .. you will have to pick a pci card that
   is supported by a wifi driver


-- if you want your own AP with WPA... you will have to pick
   a pci card that is supported by hostap or madwifi

-- if you buy off-the-shelf...
	- some netgear switches will not talk to linksys clients
	and vice versa ( s/netgear/any-commercial-product/g )

> I guess the other option is getting a wireless router which I could
> attach to my switch.

always put insecure wifi OUTSIDE the firewall

bad idea to put wifi inside ( your switch )

> How does this compare to using just an access point? Is it better?

linux based AP is better ...

- you can control what it does
- there are no default passwds that you didn't change
- you can use wpa, wep is broken and worthless for preventing prying eyes

c ya
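
Added example, not part of the original message: one way to express the layout discussed in this thread (access point on its own NIC, wireless clients reaching the wired network only through OpenVPN) as a default-deny iptables filter table. The interface names eth2 (NIC to the access point) and tun0 (OpenVPN device), the port UDP 1194 and the function name are assumptions; eth0 and eth1 come from the diagram above.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints an iptables-restore
# filter table for the gateway in the diagram, with the access point on its
# own NIC. Assumed names: eth2 (NIC to the AP), tun0 (OpenVPN device),
# UDP 1194 (OpenVPN default port). eth0/eth1 are taken from the diagram.
wifi_vpn_only_rules() {
    wifi_if=${1:-eth2}; vpn_if=${2:-tun0}
    lan_if=${3:-eth0};  wan_if=${4:-eth1}
    vpn_port=${5:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# Wireless segment: the only service it may reach on the gateway is OpenVPN.
-A INPUT -i $wifi_if -p udp --dport $vpn_port -j ACCEPT
-A INPUT -i $wifi_if -j LOG --log-prefix "wifi-in-drop: "
-A INPUT -i $wifi_if -j DROP
# Authenticated VPN clients are treated like wired hosts.
-A INPUT -i $vpn_if -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $lan_if -o $vpn_if -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -j ACCEPT
-A FORWARD -i $vpn_if -o $wan_if -j ACCEPT
# Nothing is forwarded straight from the wireless NIC: log it, then drop.
-A FORWARD -i $wifi_if -j LOG --log-prefix "wifi-fwd-drop: "
-A FORWARD -i $wifi_if -j DROP
COMMIT
EOF
}

# Print the ruleset when run as: sh wifi-rules.sh print
if [ "${1:-}" = "print" ]; then
    wifi_vpn_only_rules
fi
```

Check the output with `iptables-restore --test` before loading it. Wireless clients are assumed to use static addresses; serving DHCP on the wireless NIC would need an extra INPUT rule for UDP port 67.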