Jason Costomiris on 14 Oct 2004 23:01:02 -0000
On Thu, 14 Oct 2004 12:46:01 -0400, Paul <gyoza@comcast.net> wrote:
> Crackers connecting to the access point could attack the clients
> directly through their unencrypted channels. I'm assuming that most
> clients do not have their own firewalls. (Is that a reasonable
> assumption?) The access point would have to restrict access to the VPN
> port only to protect against that. Again, there's that trade-off
> between convenience and security since non-VPN clients would not be able
> to use the network.

Not necessarily.. Let's see...

Linux clients - iptables
Mac OS X clients - ipfw (configured with a few check boxes in the Network Control Panel)
Windoze - any personal firewall
*BSD - ipfw/pf/etc.

Did I miss any?

Your VPN should be configured to force all traffic over the VPN, and with a firewall in place on the WLAN side of the network, your firewall shouldn't allow inbound connections to the system. Not ideal, but it would work. You could step it up a bit with MAC filtering, but you know how far that gets you..

--j

--
Want a gmail invite? Help me get a free iPod for my wife.
http://www.freeiPods.com/default.aspx?referer=9913261
No cost to you, free iPod for her, gmail invite for you.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
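
The client-side setup described in the message above (all traffic forced over the VPN, no inbound connections accepted on the WLAN side), sketched for a Linux client with iptables. This is an added example, not part of the original post; the interface names, gateway address, protocol and port are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints an iptables-restore ruleset for a Linux WLAN client that may only
# talk to its VPN gateway over the wireless interface.
# Args (all assumptions): WLAN iface, VPN iface, gateway IP, protocol, port.
wlan_vpn_ruleset() {
    [ $# -eq 5 ] || { echo "usage: wlan_vpn_ruleset WLAN_IF VPN_IF GW_IP PROTO PORT" >&2; return 2; }
    wlan_if=$1; vpn_if=$2; gw=$3; proto=$4; port=$5
    cat <<EOF
*filter
# Default deny in every direction; only the rules below open anything.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# DHCP, so the client can still get a lease on the WLAN.
-A OUTPUT -o $wlan_if -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wlan_if -p udp --sport 67 --dport 68 -j ACCEPT
# The only other WLAN traffic: the tunnel to the VPN gateway, replies only inbound.
-A OUTPUT -o $wlan_if -d $gw -p $proto --dport $port -j ACCEPT
-A INPUT -i $wlan_if -s $gw -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Everything else leaves through the tunnel; inbound there is replies only.
-A OUTPUT -o $vpn_if -j ACCEPT
-A INPUT -i $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (as root), with constructed values; --test parses without applying:
#   wlan_vpn_ruleset wlan0 tun0 192.0.2.10 udp 1194 | iptables-restore --test
#   wlan_vpn_ruleset wlan0 tun0 192.0.2.10 udp 1194 | iptables-restore
```

The gateway is given by address because DNS is not allowed on the WLAN interface under these rules.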