So how DO you secure your network?

Configuration and operational information about stumbled AP's

Postby mightymouse » Tue Jan 14, 2003 3:32 pm

Well, I tried searching and couldn't really find this information too readily. Here's what I want to know...

How do you secure your network from people gaining access to it, but still allow them access to the internet?

I don't mind people using my bandwidth, but I do mind them snooping around my personal files.

thanks
mightymouse
Mini Stumbler
 
Posts: 19
Joined: Wed Jan 08, 2003 6:43 pm

Postby renderman » Tue Jan 14, 2003 5:46 pm

Separate NIC in the firewall on its own subnet with no routing or links to the other interfaces. (OpenBSD BTW)

On top of that I'm putting in a captive portal / RADIUS / Something to provide authentication as soon as I find something that works nicely.

Never underestimate the deterrent capability of a large baseball bat though :)
renderman
 
Posts: 1867
Joined: Thu Jun 06, 2002 5:29 pm
Location: Anywhere but Utah
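
The layout described in the post above (access point on its own firewall NIC and subnet, internet access allowed, nothing routed to the other interfaces), sketched as an OpenBSD pf.conf. This is an added example, not part of the original thread and not the poster's actual ruleset; the interface names, subnets and allowed ports are assumptions, and it uses current pf syntax.

```pf
# /etc/pf.conf -- constructed example; every name and address is an assumption
ext_if  = "em0"              # uplink to the cable modem
lan_if  = "em1"              # trusted wired LAN (personal files live here)
wlan_if = "em2"              # NIC dedicated to the access point

lan_net  = "192.168.1.0/24"
wlan_net = "192.168.50.0/24"

set skip on lo

# Default deny: anything not explicitly passed below is dropped and logged.
block log all

# Drop packets whose source address does not belong on the interface
# they arrived on.
antispoof quick for { $lan_if $wlan_if }

# Both internal subnets share the single public address.
match out on $ext_if inet from { $lan_net, $wlan_net } to any nat-to ($ext_if)

# Wireless side: never reach the wired LAN or the firewall itself.
# "quick" ends evaluation here, so no later pass rule can reopen the path.
block in log quick on $wlan_if inet from any to $lan_net
block in log quick on $wlan_if inet from any to self

# Wireless side: DNS and web traffic to the internet only
# (clients are assumed to use resolvers outside this firewall).
pass in on $wlan_if inet proto { tcp, udp } from $wlan_net to any port 53
pass in on $wlan_if inet proto tcp from $wlan_net to any port { 80, 443 }

# Wired LAN: unrestricted outbound.
pass in on $lan_if inet from $lan_net to any

# Let the passed traffic leave through the uplink.
pass out on $ext_if inet
```

Checking the file with `pfctl -nf /etc/pf.conf` parses it without loading it; the two logged block rules show on the pflog interface when a wireless client probes the wired subnet.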

Postby Dr3D1zzl3 » Fri Jan 17, 2003 2:46 pm

use nocat auth, for your portal.

i secure my network by not having one.
Dr3D1zzl3
 
Posts: 371
Joined: Thu Apr 18, 2002 1:12 pm

Postby mightymouse » Fri Jan 17, 2003 9:55 pm

Originally posted by Dr3D1zzl3


i secure my network by not having one.



But what fun is that then? :D
mightymouse
Mini Stumbler
 
Posts: 19
Joined: Wed Jan 08, 2003 6:43 pm

Postby Thorn » Sat Jan 18, 2003 6:37 am

How do I secure my network? Let me count the ways:
SSID off.
MAC enabled.
Separate routed subnet.
NIDS.
RADIUS.
Antennae focused to limit distance.
Guard dogs on patrol of the perimeter fences.
Psychopathic guards with strong homicidal tendencies, armed with sniper rifles.

OK, OK, the last one is a bit exaggerated. ;)

My question to you is this: If you have any confidential data, why would you consider placing an open connection to your network?

Secondly, why would you share the connection in the first place? What are you gaining? Profit? A way to meet chicks? A warm fuzzy feeling? I've heard the "free beer" arguments, but truth be told, I'm suspicious of altruistic behavior. For an example right here in our little corner of the net, look here: http://forums.netstumbler.com/showthread.php?s=&threadid=5339
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby Madhadder » Sat Jan 18, 2003 7:51 am

Hot Glue & Duct Tape!!!! :D
Madhadder
 
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby mightymouse » Sat Jan 18, 2003 8:52 am

Originally posted by Thorn
My question to you is this: If you have any confidential data, why would you consider placing an open connection to your network?


That is a good point, but then again, when I am accessing that information (CCs, banks etc..) I can just disconnect the network, right?

Argh, too much hassle, I think I'll just stick to a closed network.

Thanks everyone...

especially the smart a$$ glue and duct tape answer :) I should have been more specific
mightymouse
Mini Stumbler
 
Posts: 19
Joined: Wed Jan 08, 2003 6:43 pm

Firewalls and stuff

Postby g0tr00t » Sat Jan 18, 2003 1:47 pm

Four firewalls. (2 hardware, 2 software)

Encryption, broadcast off, MAC filter, etc...

Paranoid. Who me? :D
g0tr00t

"Its all fun and games until someone gets killed."
g0tr00t
 
Posts: 352
Joined: Thu May 02, 2002 5:01 pm
Location: r00ting y0ur b0x.

Postby Madhadder » Sat Jan 18, 2003 11:34 pm

especially the smart a$$ glue and duct tape answer :) I should have been more specific


Well, if it's an install in a problem area I also use
Baling wire & Sheetmetal, let's see if you can hem
this here AP in... Ready..GO
Madhadder
 
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby netrambler » Tue Feb 25, 2003 5:02 pm

I've read about having separate subnets as part of their network security. I've also read about a bridged linux firewall (single subnet). Are there disadvantages to using this setup?
Attachments
general_network.jpg
netrambler
 
Posts: 95
Joined: Mon Jan 13, 2003 10:37 am
Location: NW Chicago

Postby Shocksll » Thu Feb 27, 2003 5:20 am

My order is:

Cable Modem
Dlink Wireless Router (Running 128 bit WEP)
Linksys Router

I have all of my computers hooked up to the linksys router. I also have a Win2k Server running VPN connected to wireless router on one nic and to the linksys router on a second nic. On my server I use IPSEC as a packet filter and only allow data from the linksys router and my wireless router to connect to it unless it is the VPN port. So to access my network behind the linksys router one has to VPN into my server.

I used to have ip filtering enabled on my wireless router to only allow traffic from my linksys router and my server, this requires all wireless clients to authenticate by VPNing into my server to get internet access. But this made things really slow so I quit doing it.

So basically if someone cracks my wep password and connects to my network then they will be able to surf the web but will not be able to access any other systems on my network except for other wireless clients. On my laptop I have a firewall on my Wireless connection.
Shocksll
Mini Stumbler
 
Posts: 1
Joined: Mon Feb 24, 2003 7:34 pm

Postby TheSovereign » Thu Feb 27, 2003 6:33 am

i got a it on direct line to a win2k box with 2 nics
vpn in

wep on
mac on
ssid comes up as blank
wep password rotated once every 2 weeks
SO SAYS TheSovereign
TheSovereign
 
Posts: 658
Joined: Sun Jun 30, 2002 2:35 am
Location: chicago

