Getting Around the 128-bit WEP Failure?
shokk asks: "To get around the failed encryption of WEP 128bit, we're going ahead with setting our own way of encrypting wireless traffic. Because we already have a firewall that laptop users will use to connect to from the outside, we've set up a second mini-firewall parallel to the main firewall, in this case a Netscreen 5, for the access point to hide behind. These people then use their SafeNet SoftPK VPN software to reach through to the main firewall so that their chatty wireless traffic is off on another net and they can still get decent encryption. It brings up the load on the firewall, but then again laptop users are generally not generating much traffic to read their emails and Word documents. How are other people getting around this problem to secure their wireless networks?"
Our Corporate Policy (Score:2)
With this setup, LAN access is possible only through 128-bit IPSec connections. This is also how we provide remote access to our field users.
We have found that the IPSec VPN offers the same throughput performance that we would get using 40 or 128 bit WEP. I found it interesting that there was VERY little performance difference between 40 and 128 bit WEP. However, it is generally agreed that the VPN approach that we have chosen is far more secure than simply using WEP. And, since there isn't a performance hit, better safe than owned.
Re:Free software for this purpose? (Score:3)
Exactly what failure are you talking about? (Score:2)
That said, using VPN and a separate firewall for the wireless base station is a good plan.
Novell BorderManager (Score:2)
Wireless (Score:1)
Wireless is a great tool, and I would recommend WEP to people just so someone doesn't snoop on your network. But how long does it take to break the WEP 128? I don't know, but my best guess is that either with good hardware or some time it can be done easily if you know what you're doing. I have wireless at home and I haven't turned on WEP because it seems to be a pain for me. What is the worst someone can do? Change the IP address on my access point? I have a USB connection for it. Use my Internet connection? Go ahead.
Using a new technology in a secure network is not a good idea.
Re:Free software for this purpose? (Score:2)
I don't know about the stability/memory leakage though.. I use ipsec for my vpn with windows/linux/freebsd/etc.
Free software for this purpose? (Score:3)
Is there any free software available for Windows platforms to handle the encryption? I think that an SSH tunnel would be a nice way to securely read email, transfer files, etc., but the problem is that I haven't found any free and working SSH client for Windows that supports tunneling.
SSH Secure Shell for Windows [ssh.com] is very good and free for private/educational use, but it leaks memory when closing a tunnel, thus a local tunnel can be used only a certain number of times until the client hangs. This is very annoying; one can't check POP mail continually because the client hangs in a short time.