Nick Holland <nick () holland-consulting ! net>

> define "security" :)

Ouch. I like Bruce Schneier's cynicism ... As long as I feel secure, right? Encryption to some standard (yet to be determined). At a minimum packet contents, but headers would be great. I'm a fair bit out of my depth, but if I can encapsulate endpoint IP addresses and everything after them I'd be pretty happy. I'm guessing that TLS is out and that IPsec might be in on that criteria. Is SSH out there too?

> Your risks with wireless:
> * Unauthorized use to access Internet
> -> use AuthPF so that you have to ssh authenticate to use the
> gateway.

Yep. Too good to be true, but it won't stop a persistent script kiddie from spoofing though, right?

> * Unauthorized use of local resources
> -> Use strong authentication for anything internal

Yep. No SSH server until I sit down and read the docs.

> * Packet sniffing
> -> use encrypted communications for all you can, and everything
> important. SSH tunnels are your friend

I'd like to encrypt everything. Thanks for the search term. :]

> * Uncontrolled access to network
> -> authenticate everything.

Here's where the flags go up for authpf, right? If I'm right, the authentication is on the initial connection and everything subsequent is based on the associated IP address (or with noip the userid), which won't prevent a MITM from hijacking that IP and certainly won't prevent them from reading my packets. Is that right?

> Basic trick for safer wireless is to assume your wireless devices and
> all devices that are accessible via wireless are raw on the Internet.
> As all your listed devices are OpenBSD, this is entirely possible.

I guess that works both ways. I'm quite concerned about the youngsters down my street with too much time on their hands, and not so much with some guy from the intarwebs using my wireless to attack them ... I'd like to see that. :]

Best wishes.
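An added illustration of the authpf point raised above (not part of the original thread): a minimal pf.conf excerpt and the per-user authpf.rules that authpf loads into the anchor once the ssh login succeeds. The interface name athn0 and the 192.168.1.0/24 wireless subnet are assumptions; $user_ip and $user_id are the macros authpf itself fills in from the ssh session.

```pf
# /etc/pf.conf (excerpt; interface and subnet are assumed values)
wifi_if  = "athn0"            # assumption: wireless interface on the gateway
wifi_net = "192.168.1.0/24"   # assumption: wireless client subnet

# Default: nothing from the wireless side gets through.
block in on $wifi_if from $wifi_net

# The only pre-authentication hole: ssh to the gateway itself, so that a
# client can log in and have authpf run as its shell.
pass in quick on $wifi_if proto tcp from $wifi_net to ($wifi_if) port ssh

# Per-user rules appear here while the user's ssh session is open; they are
# evaluated after the block above, so a matching pass rule wins.
anchor "authpf/*" on $wifi_if

# /etc/authpf/authpf.rules (loaded into the anchor for each authenticated user)
# Access is granted to the address the ssh session came from, nothing else:
# the rules identify the client by $user_ip, not by any per-packet credential.
pass in  quick on $wifi_if from $user_ip to any
pass out quick on $wifi_if from any to $user_ip
```

Because the anchor is keyed on $user_ip, it authorizes a source address for the life of the session and does nothing to protect packet contents, which is exactly the distinction the thread draws between authpf and an encrypted tunnel.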