[36914] in North American Network Operators' Group
RE: Custom Wireless Solution
daemon@ATHENA.MIT.EDU (Mike Schoenecker)
Wed Apr 25 18:54:22 2001
Message-ID: <424769F9B8BE6249825C23CFCA0A424740600C@denexh01.yipes.com>
From: Mike Schoenecker <MSchoenecker@yipes.com>
To: Lincoln Dale <ltd@interlink.com.au>,
Mohan Sundar <xmohansundar@yahoo.com>
Cc: "Dominic J. Eidson" <sauron@the-infinite.org>,
Wojtek Zlobicki <wojtekz@idirect.com>, nanog@merit.edu
Date: Wed, 25 Apr 2001 16:48:46 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01C0CDD9.E2C6CA90"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01C0CDD9.E2C6CA90
Content-Type: text/plain;
charset="iso-8859-1"
-----Original Message-----
From: Lincoln Dale [mailto:ltd@interlink.com.au]
Sent: Monday, April 23, 2001 3:11 AM
To: Mohan Sundar
Cc: Dominic J. Eidson; Wojtek Zlobicki; nanog@merit.edu
Subject: Re: Custom Wireless Solution
At 11:57 PM 22/04/2001 -0700, Mohan Sundar wrote:
>How secure is this connection? Does 802.11
>provide security implicitly?
802.11b has some degree of inherent security.
one can apply WEP (Wireless Equivalency Protocol) to encryption the data,
but even that has been shown to be vulnerable
(http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html)
there are a few alternatives that can be used to make it more secure:
[1] deploy a setup whereby one has per-user dynamically-changing WEP
keys. details on how one vendor can do this are at:
http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1281_pp.htm
details on how to actually configure it is at:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/a
p350scg/ap350ch3.htm#xtocid586920
[2] don't trust the link layer, and encrypt everything you send.
this could be as simplistic as adding MAC-address filters to your
access-points and building a tunnel of some kind (eg. IPsec, or
even as simplistic as SSH port-forwarding).
if one is prone to be paranoia, using both [1] and [2] probably makes sense.
cheers,
lincoln.
------_=_NextPart_000_01C0CDD9.E2C6CA90
Content-Type: application/octet-stream;
name="Metricom Ricochet Advantage Technology Overview.url"
Content-Disposition: attachment;
filename="Metricom Ricochet Advantage Technology Overview.url"
[DEFAULT]
BASEURL=http://www.metricom.com/ricochet_advantage/tech_overview/index.html
[InternetShortcut]
URL=http://www.metricom.com/ricochet_advantage/tech_overview/index.html
Modified=E0C1760ADD83C00142
------_=_NextPart_000_01C0CDD9.E2C6CA90
Content-Type: application/octet-stream;
name="AeroComm Inc The Worldwide Leader in Affordable Complete Wireless Solutions.url"
Content-Disposition: attachment;
filename="AeroComm Inc The Worldwide Leader in Affordable Complete Wireless Solutions.url"
[DEFAULT]
BASEURL=http://www.aerocomm.com/
[InternetShortcut]
URL=http://www.aerocomm.com/
Modified=001FC977E683C00189
------_=_NextPart_000_01C0CDD9.E2C6CA90
Content-Type: application/octet-stream;
name="Proxim Home Page.url"
Content-Disposition: attachment;
filename="Proxim Home Page.url"
[DEFAULT]
BASEURL=http://www.proxim.com/
[InternetShortcut]
URL=http://www.proxim.com/
Modified=00F6A78FE683C00156
------_=_NextPart_000_01C0CDD9.E2C6CA90
Content-Type: application/octet-stream;
name="Stratum Wirefree Bridge Family.url"
Content-Disposition: attachment;
filename="Stratum Wirefree Bridge Family.url"
[DEFAULT]
BASEURL=http://www.proxim.com/products/stratum/index.shtml
[InternetShortcut]
URL=http://www.proxim.com/products/stratum/index.shtml
Modified=D043B7BEBA76C00179
------_=_NextPart_000_01C0CDD9.E2C6CA90--
