I was very pleased to see a few people turn up as I wasn't sure at one time if there would be anyone else except myself and Mark :-)
Paul, Keith, Tristan, Brett, Mark and myself gathered - we had two penguins on the table this time :-)
Keith has printed some name badges and a laminated sign for meetings as well as donating various Morphix CDs which I will bring to the sunday meeting on the 20th July. Paul also gave away some installer CDs. It was another enjoyable social evening and it is good to be putting faces to names.
For your diary - next evening social is the second thursday of August - August 14th, 8pm, at the Forum coffee bar again. Seems overall the best venue for these casual meets at present.
Syd
On Friday, July 11, 2003, at 06:28 AM, Syd Hancock wrote:
For your diary - next evening social is the second thursday of August - August 14th, 8pm, at the Forum coffee bar again. Seems overall the best venue for these casual meets at present.
Hm! I think I will try and turn up to that one. Hopefully more people will be there (Come on guys ;)
I don't presume The Forum got wireless?
C
On Friday 11 Jul 2003 4:59 pm, Syd Hancock wrote:
I don't presume The Forum got wireless?
Nope, not yet anyway... although I the Unthank Arms does (but they charge)
Wireless is something we've set up in our office very recently. Very cool it is too.
The guy who set it up was going to do it with IPSec running between client and a LAN firewall, however with us having WinXP, Linux, FreeBSD and Mac, and with very little documentation, that proved impractical.
Now running with hidden access points and a nice long password over 128bit encryption. About as strong as we can make it. Anyone else had ideas / success in this area of security by any chance?
BTW, I managed to leave Lowestoft (office) slightly before 7pm yesterday, and completely forgot about the evening meet. Must try harder heh.
James
On Friday 11 July 2003 19:21, James Green wrote:
The guy who set it up was going to do it with IPSec running between client and a LAN firewall, however with us having WinXP, Linux, FreeBSD and Mac, and with very little documentation, that proved impractical.
Now running with hidden access points and a nice long password over 128bit encryption. About as strong as we can make it. Anyone else had ideas / success in this area of security by any chance?
Well the other thing you could do is a MAC address lockdown, I assume by hidden access points you mean ones that don't broadcast their ID
Of course the MAC lockdown means that you have to bless each machine connecting on the Access Points by adding it's address to the MAC list, so from an Administration point of view it's a bit of a pain.
Depending on what you use the Wireless network for, you could firewall out stuff you don't need. i.e. If it's used to allow laptops to collect mail and get on the Internet, you could restrict the Wireless network to just that. Chances are though that you would just generate complaints from users who wanted to use it for file transfer or something else.
Survey the footprint of your Wireless Coverage. Is your business surrounded by a secure compound, if so can you move access points so that there is minimal network availability beyond the premieter of your Business. Your not going to stop somebody with High Gain antennas or High Sensitivity wireless gear. but you will reduce the chances of discovery. Most wardrivers do just that. Drive past and wait for their laptop or PDA to go bling, if the network is not available by the time you get to the nearest public road then the chances of discovery are much lower.
Over and above all of this I think the best thing is to pretend to forget the keys and passwords you know, Install Airsnort (or your tool of choice) on a Laptop and actually attempt to break in yourself
On Friday 11 Jul 2003 11:42 pm, Wayne Stallwood wrote:
Well the other thing you could do is a MAC address lockdown, I assume by hidden access points you mean ones that don't broadcast their ID
MAC address lockdown was done prior to the wireless service going live. By hidden access point, I mean the wireless provider ID string is not broadcast.
[ ... ]
Depending on what you use the Wireless network for, you could firewall out stuff you don't need.
The AP is connected to a NIC inside our gateway. The gateway is multi-homed, so unless our firewall rules let traffic go across, nothing gets through.
[ ... ]
Survey the footprint of your Wireless Coverage. Is your business surrounded by a secure compound, if so can you move access points so that there is minimal network availability beyond the premieter of your Business. Your not going to stop somebody with High Gain antennas or High Sensitivity wireless gear. but you will reduce the chances of discovery. Most wardrivers do just that. Drive past and wait for their laptop or PDA to go bling, if the network is not available by the time you get to the nearest public road then the chances of discovery are much lower.
We are moving into larger offices later this month. The buildings we are moving out and and into are both regional development buildings so house multiple companies, hence we hide the AP, limit MACs, require a strong key which will change every month or so and have it on a NIC that's firewalled. Not much else we can think of on a practical level... Unless you guys can.
Over and above all of this I think the best thing is to pretend to forget the keys and passwords you know, Install Airsnort (or your tool of choice) on a Laptop and actually attempt to break in yourself
The guy who set it up I believe has this on a Mac laptop, and monitors the traffic. We also have rrdtool monitoring traffic on all the NICs in the gateway machine. If someone connects and transfers traffic, we'll at least know about it.
James
On Friday, July 11, 2003, at 04:59 PM, Syd Hancock wrote:
Nope, not yet anyway... although I the Unthank Arms does (but they charge)
Ah shame, they should do really. It is a nice place to take your lappy and do stuff. I wonder if the council can actually afford it ;)
C
-
Craig -
James Green -
Syd Hancock -
Wayne Stallwood