.

a petri-dish bridge

<<

notgeekenough

Newbie
Newbie

Posts: 2

Joined: Fri Dec 26, 2008 12:07 am

Post Sat Jan 03, 2009 8:31 pm

a petri-dish bridge

I've posted this question on two forums (DD-WRT, Linux) with no response. It has to do with manufacturers forcing insecurity of wireless lans. It seems like no matter how much you want, you can't truly secure you're WLAN unless you use a minimal # of devices. Right now, I'm running WPA2/AES which two laptops, a Wii and a linksys camera can use and a wired server. All the kids have DSs which can only connect with WEP and I would like to set up RADIUS which would remove the Wii and camera. What I would like to do is buy a cheap wireless AP and set up WEP for the Wii, camera and DS (can these be hacked?). This AP would would limit traffic to/from its stations and "bridge" with the primary secure AP in such a way that the laptops and wired server would not be affected. Sort of like a petri dish, any bad thing created on the secondary AP could not escape. The secondary would have be to able to negotiate with RADIUS. I don't know if this is possible. Any ideas?
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Jan 04, 2009 11:07 am

Re: a petri-dish bridge

You could likely do this with one of the linux firewall distros like ipcop or smoothwall. Just setup an additional interface for the less secure wireless connection and place whatever specific limits on it that you need.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jan 05, 2009 10:36 am

Re: a petri-dish bridge

I agree. That least common denom. theory makes the weakest link in the chain your highest possible security posture. Here's a thought from an architectural standpoint. Don't just use another AP. Get a full wireless router, and put them on a different subnet. You can dumb it down to WEP and still use the same radius server for auth. Or, since it is only 3 devices, don't worry about radius and just set them up on the dumbed down router using MAC filtering as well. Many routers now also come with a nice little feature that disallows anyone connected via the wireless network from accessing the control panel. This makes it so that only those with physical access to your network via the wired LAN can make changes to your router's settings.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME

Return to Wireless

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software