On Mon, 2009-02-02 at 12:01 +0000, Mark Rogers wrote:
Presumably: (a) I should be able to find a USB wireless dongle with suitable drivers to make the initial connection work on Ubuntu, in ad-hoc mode (I have very little experience of wireless under Linux having had little need for it),
I have never tried in adhoc mode. I have a USB wireless dongle working under Debian with WPA-PSK.
(b) I should be able to restrict connections to specific MAC addresses?
Many network cards these days can have the MAC address set via software though there is obviously a default which is the proper, unique ID assigned by the manufacterer. I suspect this may apply to wireless adapters too.
I can not think at the moment of anything that is 100% secure using the hardware you describe.
The laptop could be set up in such a way as a normal user could not obtain any keys used (for WEP, WPA or a VPN) or alter the MAC address of the wireless card and, as long as the user doesn't have the root password it would be secure against some kinds of user. For a really determined and expert user you have to make sure they can not boot it from any alternate media or encrypt the hard disk so that when they do manage to boot it from something else they still can't get the keys.
If the above is not secure enough I suspect you need one of those one time password tokens that give the user a number to type in which is checked by the black box. As these are sealed up devices it would be very hard indeed for the user to get the necessary random number sequence out to program into something else.
Regards, Steve.