NetStumbler.org Forums - View Single Post

agentgrn · 03-08-2003

The Contivity VPN client is what my company uses for remote access, and it's an IPsec client, so even if someone does break WEP, it'll be next to imposbile to break the IPsec stream.

That said, there are a few more things to do to button up.

Connect the 30 APs or so onto the same wireless backbone network and feed it into an unused port on your firewall (or add a port, if necessary) and configure the following rules:

1.) Allow DHCP.
2.) Allow VPN setup and traffic to/from the VPN server only. (IKE, AH, ESP)
3.) Deny everything else.

For management purposes, put your APs on a separate subnet on the same wire. Use a strong password and logging. Not sure on the Orinoco AP's, but disable management over the wireless interface.

There really aren't any security test kits, per se. You'd essentially have to read around and try to break into your own network, or hire a professional to make a complete assesment.

03-08-2003	#4 (permalink)
agentgrn KB1JQO - Packin' Heat Join Date: May 2002 Location: Worcester, MA Posts: 517	The Contivity VPN client is what my company uses for remote access, and it's an IPsec client, so even if someone does break WEP, it'll be next to imposbile to break the IPsec stream. That said, there are a few more things to do to button up. Connect the 30 APs or so onto the same wireless backbone network and feed it into an unused port on your firewall (or add a port, if necessary) and configure the following rules: 1.) Allow DHCP. 2.) Allow VPN setup and traffic to/from the VPN server only. (IKE, AH, ESP) 3.) Deny everything else. For management purposes, put your APs on a separate subnet on the same wire. Use a strong password and logging. Not sure on the Orinoco AP's, but disable management over the wireless interface. There really aren't any security test kits, per se. You'd essentially have to read around and try to break into your own network, or hire a professional to make a complete assesment. __________________ -A.G.-