| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chris at improbable.org (Chris Adams) Subject: Re: Wireless Security > be possible or practical all of the time. Although policy could > dictate that when a wireless card is given out, the MAC address in > added to the AP, however if you have multiple APs in different areas > of building, being administered by different IT depts then this could > soon become be a problem. > > To me IPSEC looks like be the better solution using SecurID tokens > (one time passwords) to authenticate users, any thoughts would be > appreciated. IPSec is by far the best solution. Commonly recommended steps like turning off SSID broadcasts, setting MAC address restrictions and using WEP are no better than snake-oil; even LEAP, WPA and more recent buzzwords may do a better job of protecting the wireless link but they're still fundamentally flawed since they only protect the wireless portion of your traffic - if, as appears to be the case, you really care about security there's no substitute for a full end-to-end system with strong cryptography (one alternative would be restricting access entirely to protocols which use SSL - although it's not generic you can avoid many client compatibility issues). There's also a big plus to this approach: it greatly simplifies deployment since you don't need the more expensive buzzword-compliant (=likely to break in unusual ways) access points as long as your network is IPSec-only, compartmentalized or both. Chris
Powered by blists - more mailing lists