|
PureBytes Links
Trading Reference Links
|
In a typical corporate wireless setup, the wireless router terminates
into a DMZ (a firewalled
section of the network) and a VPN or bastion host is used when drive
mapping / IP routing
is required.
Try to find a Wireless with a built in Firewall, failing this, consider
a dedicated hardware FW,
or at least at software one. If your Wireless unit doesn't support VPN,
consider supporting
one in software ... Google is your friend.
Justin
---
Gary Fritz wrote:
I have a friend who is always notebooking around all over and he
says he does that all the time.
"War driving" (named after "War Dialing," the practice of dialing
every number in an exchange looking for modems, as popularized by
Matthew Broderick in the 1983 movie "War Games") is incredibly
popular and incredibly easy. Most people bring their wireless
router home from Best Buy, plug it in, and go. They never bother
to turn on any of the security settings. Their router broadcasts
its presence to the world, and anybody can get on. Drive around
with a wifi notebook and you'll find open access points all over
the place.
That's definitely a bad idea. But wireless routers don't HAVE to
be insecure. I did the following to my router:
* Disabled broadcast of the router's wifi SSID (so you have to
know it's there to find it)
* Changed the router's default wifi SSID (so you have to know
what it is to connect to it)
* Limited the # of open connections to the # of wireless units
in the house
* Limited the MAC ID#'s (hardware address in the LAN card)
that are allowed to connect to a specified list -- so
unless it's one of our devices, it can't connect. I suspect
this is the best hacker-blocker in the list.
* Encrypted the data passed over the air
That took all of 10-15 mins when I set up the router, just read
the instructions and point & click. No war driver is going to
tap into MY wifi. I doubt even a very savvy cracker could worm
his way into the wifi even if he knew it was there and knew what
the SSID was.
Now my cordless phones, that's an entirely different story... :-)
Gary
|