O.K. - I found IPSEC and will read up on it. I couldn't find VPN - I saw OpenVPN (openvpn.net) in pkgsrc; is that what you are referring to?
Also, will this work with the gateway (AT&T 2701HG-B) that also needs to communicate via wired to the tower that is currently running Slackware and the laptop when I feel like plugging it in? The gateway is the access point, not the laptop - and the gateway doesn't have too many options (it's a consumer DSL) - I just wonder if the gateway can handle this.
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)
|
|||
Or have a look at authpf http://netbsd.gw.com/cgi-bin/man-cgi?authpf++NetBSD-4.0
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Quote:
That being said, WPA2 at least right now, is only able to be cracked through brute force, so if you have a very strong key, I would say you are good to go. Of course, if you like experimenting, setting up OpenBSD with authpf and ipsec is always a fun weekend project for an alternative method of securing your router....

Cheers,
Alphalutra1
|
||||
Quote:
While IPSec is the gold standard, it's tricky and the ssh is/was a lot easier (for our context).

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
|
|||
Quote:
Cheers,
Alphalutra1
|
|||
Quote:
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)
|
|||
Quote:
If all you allow is SSH connectivity.. clients would be required to authenticate.. so unless they stole your key & passphrase, you should be safe. Also, in that sort of setup... typically you wouldn't want to use password-only authentication.. as it would be brute forcible.
|
||||
Quote:
- SSID Broadcast: If the SSID is always being broadcast then a war-driver will see the network within a short period of time even when there are no clients using it. When the SSID broadcast is turned off, someone has to be using it at the time for a war driver to see the network.
- MAC filtering: if a client is not using the network, and the intruder spoofs the MAC address, then this line of defense is not relevant. But imagine you are using your MAC address when an intruder attempts to spoof yours for their own connection to the gateway - that leads to very funky, broken connections, and can tip off a user that something is amiss. Think of it as a tripwire.

So, to summarize, these steps taken on their own are not a wise path. But looking for the single "Holy Grail" of security isn't, either. Once your single 'ultimate solution' has a chink in its armor, you are almost as insecure as using the above methods on their own. Using as many techniques at your disposal, on the other hand, will make things more difficult for an intruder, and can sometimes tip you off that there is even an intruder lurking in the first place.
__________________
Network Firefighter
|
||||
Quote:
It's encrypted and authenticated traffic only.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 21st November 2008 at 04:09 AM.
|
||||
Quote:
Quote:
Double bingo!

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
|
|||
Quote:
Compared with wired, wireless networks are not very safe/useful under DoS attacks. And nothing can help you in this situation, except if you invest some money in your home decoration.
|
||||
Quote:
At least M$ got that one right. To stay on the same note, I am shopping for an SGI O2 to do my online banking. SGI O2+OpenBSD, I call that real security through obscurity.

Bok,
OKO
|
|||
Hi JMJ,
You can protect your home network by using a network access password. Be sure to register all devices on your network, including computers, laptops, media players, and networked storage if you are using MAC filtering. Also, be sure to enter the MAC addresses correctly, as if you enter the wrong ones, you will not be able to connect the computer to the router to change them back and you will need to reset the router. Some routers allow you to save them while they are connected.

Thanks!!
|
||||
Re: SSL
Quote:
I don't see where SSL would be considered insecure if properly implemented. The biggest issue I would think is that it only authenticates from the Server side, and doesn't authenticate the client. In other words, someone who can gain access to your credentials (say online banking passwords etc) can 'authenticate' from anywhere since the session establishment is only one-way. Also, as evidenced by the recent Comodo partner-hack, it can take some time before a Certificate Authority finds out that a certificate has been issued by the wrong hands.... SSL only works for TCP too, not UDP, which, as I understand it, things like VOIP use.
|