Wireless Security
Jonathan Hutchins
hutchins at tarcanfel.org
Sun Dec 14 16:40:30 CST 2003
It looks like what's happening as wireless pushes into the consumer market is
that they are adding security features to the hub/routers. The SMC Barricade
wireless Cable/DSL router is a pretty complete package that MicroCenter has
for about $30. I have no idea what levels of wireless security they provide,
but the wired versions of the Barricade are perfectly adquate for securing a
home network on a Cable or DSL link. The reason this model is $30 is that
it's 11b (and so suitable for Linux), and they have their new 11g model out
for $109.
In the same MicroCenter flier are a bunch of other Wireless Acces Point
devices that include strong user authentication and even VPN tunneling right
in the WAP. If you need a more secure network, these things are all under
$300 for the base unit, and will work with most cards.
PCI cards are a lot harder to find, but I know they're out there. Many of
them are simply a PCI to PCMCIA adapter with a PCMCIA card stuck in them.
There are also cards that are sort of a hybrid of the above where there's a
partial PCMCIA card and some hardware integration.
So I think the recommendations we discussed in IRC yesterday (?) stand. For a
home system, pick up one of these 11b AP's or Routers for under $100, try to
find a card that's Linux supported if you have Linux boxes, and just accept
the standard level of security. Make sure you take advantage of the security
that's offered, setting a unique password and changing the admin name if
possible, setting a unique ESSID, enabling WEP with the longest key that the
hardware has in common*, and using the restricted mode that requires that a
node already have ESSID and keyphrase to even see the AP.
*Some cards allow longer keys than others. I had to drop my network key from
256 bits to 128 bits in order to accomodate a PowerBook. I think that if
someone's determined to hack your home network, that much difference in key
strength isn't going to help.
Good luck!
More information about the Kclug
mailing list