Security over LAN w/ Ethernet + Wireless...

Security over LAN w/ Ethernet + Wireless...

Post by Jaso » Sat, 22 Apr 2000 04:00:00



Hey there...

Ok, here's my question.  I'm going to add wireless networking to my LAN
using an Orinoco PCMCIA card and an Apple Airport.  However, the Airport
offers weak encryption, and if ALL of my data is going to be flying
through the air thanks to an ethernet-to-wireless bridge, I sure as hell
want everything (up to the 'net connection) encrypted like crazy.
Here's my setup.

The LAN is a 5-node 100baseTX network.  There are 3 hard-wired W98 PCs
hooked up.  There will also be the Airport hooked into node 4, with a
single PC laptop using the Airport.  The 'net connection is a Redhat
Linux box on node 3 that is running IPMASQ to share the bandwidth.  (The
'net is on a separate ethernet card for security/firewall reasons.)  All
of the other computers use the Linux box as a TCP/IP gateway to get out
to the world.

Now... I want all of the data that goes out to the 'net over my LAN to
be as encrypted as possible, since the Airport (which will now broadcast
my every move) has only 64-bit WEP encryption.  The way I understand it,
the easiest way to make this happen is to make the Linux box a VPN
server, and have each of the W98 computers connect to the 'net using
VPN.  That way, at least my data is double-encrypted - once by the
hardware's 64-bit WEP, and again via VPN with some sort of encryption
enabled.

My question is... is this the best way to do it?  Also, does anyone have
a link to an EASY walk-through on how to do this?  Also, I'm more than
interested to see if there's other better ways to do what I want to do.
The main function here is, everything that's LAN-only traffic is
trivial... but anything that goes to the 'net via the Linux box I want
as secure as possible - and I'd much rather have a solution that works
on the PROTOCOL level, so the encrypting/decrypting is invisible for
compatibility with older 'net apps.  But like I said, I'm open to
anything that you may think is better.

Thanks for any help you can provide.

--Jason

 
 
 

1. only show Wireless LAN submenu if Wireless LAN is selected

Trivial: This is a follow-up to your "Gigabit Ethernet submenu" precedent.

Only show the Wireless LAN submenu if the Wireless LAN entry is selected.

--

diff -urN a/drivers/net/Kconfig b/drivers/net/Kconfig
--- a/drivers/net/Kconfig       2003-01-01 14:25:27.000000000 +0100

          end of the link as well. It's good enough, for example, to run IP
          over the async ports of a Camtec JNT Pad. If unsure, say N.

-
-menu "Wireless LAN (non-hamradio)"
-       depends on NETDEVICES
-
 config NET_RADIO
+       depends on NETDEVICES
        bool "Wireless LAN (non-hamradio)"
        ---help---

          special kernel support are available from
          <ftp://shadow.cabi.net/pub/Linux/>.

+menu "Wireless LAN (non-hamradio)"
+       depends on NET_RADIO
+
 config STRIP
        tristate "STRIP (Metricom starmode radio IP)"
        depends on NET_RADIO && INET
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. performance tuning

3. Ethernet card and wireless lan - redhat 7.3, 8.0 and >

4. Max UDP message whits AIIX4.1

5. Wireless ethernet in laptop to hard-wired ethernet network, is it possible?

6. How accurate is /proc???

7. 2.5.47 - PCMCIA ethernet and wireless ethernet bugs

8. How to restore LILO and how to boot from floppy

9. 10/100 Ethernet SWITCH (to be used for Fast Ethernet LAN, and 10-BaseT cable modem)

10. Wireless 802.11 LAN card driver problem on PowerBook

11. wireless lan pcmci recommedations?

12. Intel PRO/Wireless 2011 LAN PC Card

13. wireless lan; smc