Paul on 15 Oct 2004 22:53:03 -0000


Re: [PLUG] OT: Large Wireless Network on the Cheap


James Kelly wrote:

Paul wrote:
| Crackers connecting to the access point could attack the clients
| directly through their unencrypted channels. I'm assuming that most
| clients do not have their own firewalls. (Is that a reasonable
| assumption?) The access point would have to restrict access to the VPN
| port only to protect against that. Again, there's that trade-off
| between convenience and security since non-VPN clients would not be able
| to use the network.


But why is this any more of a vulnerability using a VPN vs WPA?

If WPA or WEP allows clients to connect with or without keys, then I guess there isn't a difference. A system that only allows VPN and/or WPA/WEP would be more secure. In the case of VPN plus a wide open access point, all clients would be vulnerable just as if they were connected directly to the Internet without a firewall.

To me it makes sense to only have a firewall at entrance points, not on every client. A wireless connection should be treated like an Internet connection; it should not be trusted.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug