#6, 04-10-2007, 09:41 PM, BiPolar_Nut
Re: (NETWORKING) D-Link 524 Wireless Security

[ QUOTE ]
Would you really recommend all that for a regular user?

[/ QUOTE ]

No. To regular users I recommend wired networks. If they insist on wireless, I'll give them a few more horror stories and make another push for wired. The few that *still* insist on wireless, yes. I state something like "the only way I would personally consider running wireless is to blah blah blah as above."

[ QUOTE ]
That's a good bit of setup.

[/ QUOTE ]

Yes. It is.

[ QUOTE ]
Or were you just telling the OP what to do if he really wanted to max out his security?

[/ QUOTE ]

Yes. I was.




As for OP's question:
[ QUOTE ]
Is there a chance you can give me steps to set that up?

[/ QUOTE ]

General steps? Yes. Specific step-by-step w/ brands, models, prices, links, instructions, sample config files, the recipe for coca cola, screenshots of a walkthrough, etc? No.

General steps:

1. Configure or add a machine to your private LAN to act as a RADIUS server, and the same (or preferably a separate) server to act as the VPN server for the LAN.

2. Use a wireless router capable of authenticating users to an external RADIUS server as well as isolating wireless clients so that they cannot communicate w/ each other.

The VPN server would have a network interface on the LAN and a second network interface on the hostile wireless subnet (where unknown/untrusted users can attempt to authenticate).

The RADIUS server would only have a LAN address.

The WiFi router would obv have hostile and LAN-facing network addresses.

From there it's just a matter of configuring each step...instructions for which will vary according to software used and experience.

If that's not detailed enough, go wired ;)

Edit: My main gripe w/ WPA is people very often claim to have a "good passphrase" and think 1970AxLiNg_ is insanely un-guessable. That particular password would be guessed very shortly into the first guesses after a dictionary has been exhausted and well before random attempts by a good/determined brute force attempt. °Þê(s:ERöX^4+jª♣Üš is orders of magnitude more secure than the 1970AxLiNg_ hypothetical password when it comes to brute forcing.
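An added example, not part of the original post: a comparison of the guess space of a structured passphrase like the post's `1970AxLiNg_` with a uniformly random one, plus a generator for a random WPA passphrase. The component counts in `PATTERN_MODEL` are assumptions chosen for illustration. The alphabet is printable ASCII because the WPA passphrase format is 8 to 63 printable ASCII characters, so the post's non-ASCII sample could not be typed in as-is.

```python
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8-63 printable ASCII characters (codes 32-126).
# Space is left out here to avoid copy/paste mistakes, leaving 94 symbols.
WPA_ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_bits(length, alphabet_size=len(WPA_ALPHABET)):
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def structured_bits(parts):
    """Entropy upper bound for a passphrase assembled from guessable parts.

    `parts` holds one candidate count per component; a rule-based search
    only has to cover the product of those counts, not the full keyspace.
    """
    return sum(math.log2(n) for n in parts)

def generate_wpa_passphrase(length=63):
    """Generate a uniformly random WPA passphrase using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8-63 characters")
    return "".join(secrets.choice(WPA_ALPHABET) for _ in range(length))

# Constructed model of the "1970AxLiNg_" pattern (every count is an assumption):
#   100 plausible four-digit years, a word from a 100,000-entry list,
#   2**6 upper/lower-case variants of a 6-letter word, 32 trailing symbols.
PATTERN_MODEL = [100, 100_000, 2**6, 32]

if __name__ == "__main__":
    print(f"structured 11-char pattern: {structured_bits(PATTERN_MODEL):6.1f} bits")
    print(f"random 11-char passphrase : {random_bits(11):6.1f} bits")
    print(f"random 63-char passphrase : {random_bits(63):6.1f} bits")
    print("generated:", generate_wpa_passphrase())
```

Under these assumptions the structured passphrase carries roughly half the entropy of a random string of the same length, which is the gap the post's edit describes.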