I have a setup like this at home, and yes - I use DMZ pinholes to allow traffic through to my "secure" internal network.  However, I don't worry about much (i.e. file sharing and printing) - I only allow port 22 (SFTP/SSH) and 3389 (Terminal Services) through.

But let's be realistic here... this is your Mom's setup. We can argue all day about how insecure 802.11 protocols are even when "secured" (i.e. WEP, WPA, MAC filtering, etc.) but the bottom line is for Mom's connection if you set up WEP and change the router's default password you are about 5x ahead of the average household. Yes a DMZ is best, yes this setup (WEP only) is relatively "risky", but do you want to have to make Mom's network/life so complicated? :)

Unless Mom is running a home business or something, I think just the router and WEP should be OK. We don't need to over-engineer every solution... most war drivers will see the WEP enabled and move on to a much easier target (because there are plenty).

sk3tch

-----Original Message-----
From: tclug-list-bounces at mn-linux.org on behalf of The Wandering Dru
Sent: Mon 12/29/2003 12:37 PM
To: TCLUG Mailing List
Subject: [TCLUG] Wi-Fi security question
 
My mom is looking to go the wireless route in the near future for her 
laptop.  I know a lot of you that use wireless put the AP on the DMZ of 
your firewall.

My question is this, do you pinhole the firewall to allow certain 
services (i.e., filesharing, printing, etc.) back into the LAN or do you
just limit the AP to internet access?  Or is there some other fancy way 
to allow these services that I'm not aware of?  I'm mostly just looking 
for a security/convenience trade-off comparison.

I have nearly no experience with wireless and would like to come up with
a plan/cost before I go buying stuff willy-nilly on my mom's bill.

-- 
The Wandering Dru <dru at druswanderings.net>
http://druswanderings.net <--- Things 'n' Such

Get nifty TCLUG merchandise at the TCLUG Store!
http://www.cafeshops.com/tclug

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list



