Securing 802.11 Transmissions, Part 1
dW writes "Write down your most private information, and then throw it out the window. That's what wireless data transfers are doing when they're not secured. The deployment of various wireless LANs and Wi-Fi networks or configurations is under consideration by many organizations, and network security is a major concern. This article discusses problems, tips, and best bets for 802.11x's elusive security."
No AP is going to do that for you securely. You can use MAC filtering, perhaps, but that can be subverted.
Use some random AP. Hook it up to a firewall. Use IPSec. From your "secure" IP range, only allow IPSec. Only allow packets to the VPN from the secure IP range.
So I read this article thinking "Hey, someone wrote a guide on securing 802.11" completely forgetting that I'd seen one of those before.
The problem with these guides is that they all look the same, they all recommend the same course of action, but they provide no details as to how you run security.
For my wireless network I run MAC address filtering, have the SSID set to not broadcast (and not accept ANY) and run these behind a firewall that only sends DHCP and only accepts encrypted PPTP traffic. (Not because PPTP is good, but because it's easy to set up in Linux and clients are free for Windows.) You can debate about DHCP being a good idea or not, but I like being able to take my laptop to other networks and not have to reconfigure.
So obviously I've given some thought to securing the LAN, but I don't think my answer is the best one and it's sure not the only one. What I want out of a "guide to securing 802.11" is some comments from the front line. I want to know what works and what doesn't. If Check Point SecureRemote is what everyone uses, then I'd like to hear about it. If everyone's using IPsec tunnels in FreeS/WAN, or Nortel Contivity stuff, then great. Let us know what works and what doesn't.
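
The firewall policy described in the comment above (the wireless side gets DHCP and may open a PPTP tunnel, nothing else), written as an nftables ruleset. This is an added example, not the commenter's own configuration. The interface names, the use of nftables, and the assumption that the PPTP server runs on the firewall host itself are all assumptions.

```nftables
# Added example. Assumed layout (not from the original post):
#   eth1  = interface facing the access point (untrusted wireless side)
#   eth0  = interface facing the wired LAN (trusted side)
#   ppp*  = per-client tunnel interfaces created by the PPTP server
define WLAN_IF = "eth1"
define LAN_IF  = "eth0"

table inet wlan_gate {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept
        iifname $LAN_IF accept

        # Wireless clients may ask this host for an address...
        iifname $WLAN_IF udp sport 68 udp dport 67 accept

        # ...and may bring up a PPTP tunnel: control channel on TCP 1723,
        # tunnelled data as GRE (IP protocol 47).
        iifname $WLAN_IF tcp dport 1723 accept
        iifname $WLAN_IF ip protocol gre accept

        # Traffic arriving inside an established tunnel is treated as a
        # remote-access client, not as raw wireless traffic.
        iifname "ppp*" accept

        # Everything else from the wireless side falls through to drop;
        # count it so probing of the gateway is visible.
        iifname $WLAN_IF counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Only tunnelled clients are routed onto the wired LAN.
        iifname "ppp*" oifname $LAN_IF accept
        iifname $LAN_IF oifname "ppp*" accept

        # Packets straight from the AP are never forwarded, so MAC
        # filtering and a hidden SSID are not what protects the LAN.
        iifname $WLAN_IF counter drop
    }
}
```

The file can be syntax-checked without applying it using `nft -c -f <file>`; the two `counter drop` rules show in `nft list ruleset` how much untunnelled traffic the wireless side is sending.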