george on 2 Oct 2007 22:00:32 -0000



[PLUG] Re: Verizon FIOS & open wireless


Matthew Rosewarne wrote:

... I can guarantee you that there's no firmware on any consumer-grade AP that can do it, so you would need to use a custom firmware. Here's how I would go about it:

1. Since WEP is worthless, don't bother with it.
2. The wireless network is to be treated as a DMZ or external/untrusted zone, just like the internet.
3. To get out of the DMZ and into the internal/trusted network, you use a cryptographically-sound VPN, such as an IPSec tunnel. Filtering MAC addresses is in no way to be considered "security".
4. Set up QoS so that any traffic in or out of the internal network has absolute priority over traffic from the DMZ, so people can't hog your connection. Rate limiting is not particularly helpful, since DMZ traffic can still hold up "trusted" traffic.
5. Any other restrictions on DMZ traffic are up to you.

Smoothwall.org may be doing that already. See: http://community.smoothwall.org/forum/viewtopic.php?t=23955

Key NEW features & improvements in Version 3.0;
* POP3 Email antivirus proxy - email scanning with market-leading ClamAV
* "Purple" network interface - keep wireless clients like laptops safely off the main network.
* Inline Proxy support for Instant Messaging (MSN, ICQ, Yahoo!, AOL) & VoIP with logging capabilities - monitor/record conversations & filter objectionable words & phrases.
* Universal Plug n Play Support (UPnP) - essential for getting your Xbox 360 and other games consoles online.
* Bandwidth Management - prioritize important traffic & speed up browsing with a new web-caching proxy.
* Real-time Graphs & per IP Traffic Stats - view & track web usage per user on an hour by hour, day by day or month by month basis. (great for people with download quotas)
* New, easier update system - Easy to use, single click update system for keeping your protection up to date.
* Outbound traffic blocking with time-based controls - restrict Internet access for different users at different times of the day

I'd have jumped right on it, but my Smoothwall v.2 isn't up to the task. I'll have to look for another, younger (not 15 years old) old PC.

George Langford
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
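
Added example, not part of the original message and not Smoothwall's configuration: one way to express steps 2 to 4 of the quoted list on a Linux router with iptables and tc. The interface names, the fwmark values, the DHCP/DNS allowance and the assumption that the IPsec tunnel terminates on the router itself are illustrative.

```shell
#!/bin/sh
# Constructed example. Assumed names: wlan0 = open wireless (untrusted),
# eth1 = internal LAN, eth0 = uplink; the IPsec tunnel ends on this router.

# gen_rules WLAN LAN WAN: print a ruleset in iptables-restore format.
gen_rules() {
    wlan=$1; lan=$2; wan=$3
    cat <<EOF
*mangle
:FORWARD ACCEPT [0:0]
# Step 4: tag uplink-bound traffic by zone for the scheduler (marks assumed).
-A FORWARD -i $lan -o $wan -j MARK --set-mark 1
-A FORWARD -i $wlan -o $wan -j MARK --set-mark 2
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Step 3: from wireless the router itself offers only IPsec, DHCP and DNS.
-A INPUT -i $wlan -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -i $wlan -p esp -j ACCEPT
-A INPUT -i $wlan -p udp -m multiport --dports 53,67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Step 3: wireless reaches the LAN only after IPsec decapsulation.
-A FORWARD -i $wlan -o $lan -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i $wlan -o $lan -j DROP
# Step 2: otherwise the wireless zone is treated like the internet.
-A FORWARD -i $wlan -o $wan -j ACCEPT
-A FORWARD -i $lan -j ACCEPT
COMMIT
EOF
}

# gen_qos WAN: print tc commands for strict priority on the uplink.
gen_qos() {
    wan=$1
    cat <<EOF
tc qdisc replace dev $wan root handle 1: prio bands 3 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc filter add dev $wan parent 1: protocol ip prio 1 handle 1 fw flowid 1:1
tc filter add dev $wan parent 1: protocol ip prio 2 handle 2 fw flowid 1:3
EOF
}

gen_rules wlan0 eth1 eth0
gen_qos eth0
```

Only upstream traffic is prioritised here, and the prio qdisc acts only on a queue that forms on this interface, so it is normally paired with a shaper set just below the uplink rate.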