Lee H. Marzke on 15 Jul 2011 12:34:16 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates

----- Original Message -----
> From: "Rich Freeman" <r-plug@thefreemanclan.net>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Thursday, July 14, 2011 4:10:19 PM
> Subject: Re: [PLUG] personal WiFi security: Stopping the barbarians at the	gates
> On Thu, Jul 14, 2011 at 4:02 PM, Floyd Johnson <fljohnson3@isp.com>
> wrote:
> > What, then, is/should be standard practice for repelling the
> > piggybacking byte-burglars who want to break into our home LANs?
> My understanding is that WPA2 has not been broken, so unless you give
> out the key you should be fine.  Of course, brute-force is always a
> risk if you use a low-complexity pass-phrase - you only get full
> security with a random key, which is of course next-to-impossible to
> enter.
> If somebody does know of a way to hack WPA2 reliably I'll be turning
> off my wireless, at least until I deploy a VPN or something.

You could put your Wifi device in a separate firewall zone specifically created
for Wifi access ( I do this with my Endian firewall that I've previously presented at PLUG )

The Wifi can be either open, or WEP,  but it only has Internet access and no
internal access.   You would then just fire up the VPN client to connect
to your internal network.

You can also further filter things so that even over VPN,  there is a limited
number of IP's or networks that can be accessed ( controlled by the VPN user ID )


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug