My Wireless Network

 


 

Well, I have been running wireless (802.11b) for quite a while, since pretty much the beginning.  I have been running fairly secure. 

128-bit WEP keys (not dictionary based), MAC address filtering, and an access point whose firmware has been modified to do weak key avoidance.

It was good enough, considering how long someone would need to stay parked in my driveway to gather enough packets to crack the keys.

Well, recently my neighbors (all around) have installed wireless as well, and most of their stuff is wide open (sigh. Don't get me started.) Well, OK, that's fine, effectively a built-in honeypot. Why would anyone bother trying to get on my network, when they can get a much easier target on either side? Until I made the mistake of walking outside with my new iPAQ. Hmmm... my iPAQ actually prefers to hit their networks rather than my own. I do have thick walls, lots of wood, and tile, which effectively cut my poor little 30 mW signal down to nothing. That just won't do. Let's see... how to fix that...

A brand new 200 mW enterprise class access point does the trick. Hmmm... almost tripled my range around the house, that's no good either. It's one thing to sit in my driveway and try to crack my keys, it's another when you can sit in your living room 2 blocks away (yes, I could lower the output power, but where's the adventure in that). So, up goes security. I am now running a very nice little FreeRADIUS server that boots and runs Linux from a CD-ROM (even if you could hack in, you still couldn't change anything). It only allows EAP-TLS authentication. Set the access point to do EAP-TLS with reauthentication every 250 seconds, and dynamic WEP keys that change every 200 seconds. No user names, no passwords, digitally signed certificates that need to match each machine I allow access to. And of course I still filter on MAC addresses. I do broadcast an SSID simply because there is no reason not to. If you think you can actually hide your SSID, ask me, and I will show up and tell you what it is within 30 seconds.

Ahhhhh... secure at last. Overkill? Hell yes, but I am a geek. Go ahead people, sniff away, you're going to need a heck of a lot more than a Pringles can and AirSnort to crack this one.
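
What "only allows EAP-TLS" can look like on the RADIUS side, as an added sketch that is not the author's actual configuration: it assumes the `eap` module syntax of FreeRADIUS 1.x/2.x (`eap.conf`), and every path and the key password are placeholders. The 250-second reauthentication and 200-second key rotation are access point settings and are not shown.

```conf
# eap.conf -- added example; FreeRADIUS 1.x/2.x syntax assumed,
# all paths and the password below are placeholders.
eap {
    # Method the server proposes when it starts EAP negotiation.
    default_eap_type = tls

    # Reject (rather than keep processing) requests for EAP types
    # that this server does not handle.
    ignore_unknown_eap_types = no

    # Deliberately no md5 {}, leap {}, peap {} or ttls {} sub-sections:
    # with only tls {} configured, no user-name/password method is
    # available and clients must present a certificate.
    tls {
        # Server key and certificate presented to the client.
        private_key_password = CHANGE_ME
        private_key_file = /PLACEHOLDER/certs/server.key
        certificate_file = /PLACEHOLDER/certs/server.pem

        # Client certificates must chain to this CA. Using a private
        # CA that signs only your own machines is what limits access
        # to the machines that were issued a certificate.
        CA_file = /PLACEHOLDER/certs/ca.pem

        dh_file = /PLACEHOLDER/certs/dh
        random_file = /PLACEHOLDER/certs/random

        # EAP-TLS messages are fragmented to fit RADIUS packets.
        fragment_size = 1024
        include_length = yes
    }
}
```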


This site was last updated 02/19/04