Advice wanted regarding setting up WiFi

Tony Del Porto tony at usenix.org
Wed Mar 31 23:05:37 PST 2004


Bill,

On Mar 31, 2004, at 3:54 PM, William R Ward wrote:

>
> My brother-in-law who lives in Tokyo bought a new iBook and sent us
> his old one, along with a WiFi base station.  My wife really wants me
> to hook it up so she can be online in the bedroom, but I'm worried
> about security.
<snip>
> ...
> So I see two options:
>  1) Add a new firewall box between the cable modem and the WiFi
> station, and then our existing firewall between that and the wired
> computers.
>  2) Add a second ethernet port to our Linux server and connect the
> WiFi to that, and use Linux's built-in firewall to control access.

Since you only have one IP, Option 2 is probably the easiest. I do this 
at home and at conferences with OpenBSD and pf fairly trivially; not 
sure how easy the ruleset is to create with IPChains.

> Either way, I would also want to set up something to provide
> authentication (NoCatAuth?) so only authorized users can use it.

If it is only your wife's laptop that will be on the wireless network, 
WEP, MAC address restriction, and running the network closed should be 
sufficient to keep casual attackers off your network. WEP cracking 
needs a certain amount of traffic which doesn't take long to generate 
on a busy network, but may take a while longer on a home network with 
one host.

The true paranoid will only allow IPSEC connections to the gateway as 
Alvin recommended. There is a software package that makes this easier:

http://www.freeswan.org/

It looks like they've stopped development, but the release works. OS X 
as of 10.2 has IPSEC capability, but I've never configured it so I 
don't know how easy or not it is.

> I have very little spare time to mess with this, so I want something
> that can be set up easily.  I also don't have the budget to be buying
> a lot of hardware.
>
> With these constraints in mind, what's the best solution?


I'd look at FreeS/WAN if the risk of someone stumbling on your network, 
spoofing your wife's laptop's MAC address, cracking the WEP key, and 
then doing illegal things is unacceptable.

Good Luck!

Tony
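
Added example, not part of Tony's message and not his ruleset: a pf.conf
fragment for the Option 2 layout with the "only allow IPSEC connections
to the gateway" policy on the wireless-facing port. The interface name
em2, the static addressing of the laptop, and the current OpenBSD pf
syntax are assumptions; rules for the wired LAN and the cable-modem
side are left out.

```pf
# Added example (constructed). Fragment covering only the wireless port.
# Assumption: em2 is the second ethernet port the WiFi base station
# plugs into; the laptop has a static address on that subnet.
wifi_if = "em2"

# Default for the wireless segment: drop and log everything, so a host
# that gets past WEP and the MAC filter still reaches nothing.
block log on $wifi_if all

# IKE key exchange (UDP 500) between wireless hosts and the gateway
# itself, never through it.
pass in  on $wifi_if inet proto udp from $wifi_if:network \
        to ($wifi_if) port 500
pass out on $wifi_if inet proto udp from ($wifi_if) port 500 \
        to $wifi_if:network

# ESP: the encrypted IPsec payload, again only to and from the gateway.
pass in  on $wifi_if inet proto esp from $wifi_if:network to ($wifi_if)
pass out on $wifi_if inet proto esp from ($wifi_if) to $wifi_if:network

# After decryption OpenBSD presents the inner packets on enc0. Traffic
# arriving there has already authenticated via IPsec, so this is where
# access for the laptop is actually granted. State is bound to enc0 so
# it cannot match cleartext packets on em2.
pass in on enc0 inet from $wifi_if:network keep state (if-bound)
```

Check the result from the laptop with the tunnel down: nothing except
UDP 500 and ESP to the gateway's wireless address should get a
response, and the blocked attempts should show up on pflog0.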



