On Sat, 2003-11-29 at 22:23, Doug Chamberlin wrote:
[...] Err, why not a Linksys wireless router/firewall?
Or a Linux firewall with a basic WAP hanging off a protected interface? Unfortunately, such a critter seems to cost nearly as much the full-blown, wireless router/firewall products, but they're still a bit less if you can find them. I found Netgear and Buffalo units locally, for about $120, with a preference for the latter as it has MANY more configuration options for logging and security. I use the basic 802.11 features to protect the link (WEP/WPA, MAC filtering), and count on my Linux firewall to protect me from wireless "outsiders" just as I expect it to protect me against Internet-based "outsiders". This gives me an extra layer of protection from wireless They have to get IN to the wireless network -- harder but theoretically not impossible -- and then past my firewall rules to actually DO anything, at which point hopefully snort and arpwatch have alerted me). True, a commercial product does the basics, and far more simply. But then, I wouldn't be using Linux for security if I wanted to take the easiest route. I'm checking out the host-based AP efforts, but haven't made that jump quit yet. I do like the little commercial products, as they'll fit into tight places to allow better antenna coverage. - Bob