rsmith at xs4all.nl
Tue Dec 23 10:48:27 UTC 2008
On Mon, Dec 22, 2008 at 04:31:56PM -0800, Nerius Landys wrote:
> Thank you all for your suggestions. This will be a project for me
> over the holidays. I decided to go the standalone wireless router
That's probably the easiest way.
> I already have. Also I don't know too much about security, like how
> to prevent eavesdroppers from connecting to my internal network.
There are some things you could do.
- Use WPA2 if available or else at least WPA
- When using WPA with pre-shared keys, use long and random generated
pre-shared keys. And change them often.
- You can turn off the broadcasting of the SSID
[http://en.wikipedia.org/wiki/SSID] to discourage casual snooping.
This will not deter a determined attacker, however.
- If you are using the pf(4) firewall you could use authpf(8) as an
additional security measure. [http://www.openbsd.org/faq/pf/authpf.html]
It requires users to log in via ssh(8) and alters the firewall rules
as long as the ssh session exists. This requires that the user must
have additional authentication in the form of passwords or ssh keys in
order to use the network. It provides an additional layer of access control.
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20081223/0230f1aa/attachment.pgp
More information about the freebsd-questions