Aaron Crosman on 11 Oct 2004 13:20:03 -0000



RE: [PLUG] OT: Large Wireless Network on the Cheap


>As described here, you would be creating a *huge* breach in network security
>and paying to do it.  Why would guests use the network?  Will the connections
>be encrypted?  Will the signal radiate to neighboring floors and to the outside
>world?  There is a lot more to consider than simple connectivity.  After careful
>consideration, you may not even want to deploy such a wireless network.
>
>(I'm speaking in general and not assuming you haven't given it thought.)
>
>MAC filtering is a weak defense anyway because almost anyone can change
>their MAC address to match an authorized address.

For the exact reasons stated above, the wireless network is physically
separated from our main network.  It runs through a different firewall and
has no access to our main network.  I knew better than to trust myself
to run a secure wireless network from the time I read my first article
on them.  While this does open up the risk of outsiders getting on the
network, I'm willing to run those risks.

The building we operate is somewhat unique in that we are the largest
tenant, and co-owners of the building with the other large tenants.  The
conference rooms are all shared between all residents, and since most of
the organizations (maybe all) are non-profits we have a large number of
volunteers that pass through for work and meetings.  We'd like to be
able to extend wireless access to those folks with a minimum of effort.
Over time I expect my main system of limiting unwanted guests on the
wireless will be to control signal bleed.  

As for encryption, I've been torn about what's the right approach.  Since
WEP only keeps the honest people honest, is it worth the effort with lots
of independent base stations?  I've been inclined to set it up with WEP
and change the password rarely (if ever) so the network LOOKS encrypted
to those sniffing and, as I said, keeps the honest people honest.  Our
users all can use a VPN to our main network if they need proper access
(and security that takes real skills/experience to overcome).

The other element I have considered, but know almost nothing about, is
using a RADIUS server.  Has anyone used FreeRADIUS?  On wireless?  How
much of a hassle is it to set up and run?  My understanding is that it
might give me a better chance on limited network access but I haven't
really been able to wrap my head around the administrative implications.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug