Can a wireless network be 'safe'

Hi,

I wonder if I may safely set up a wireless link for some emergency server
administration.

However, WEP is hacked, WPA can be hacked, VPN is not safe enough, so does
it exist 'safe' alternatives?

What about a hardware encryption box at each side of the wireless link which
obfuscates the data in a non proprietary custom specified way. Does it
exist such hardware, or should I just forget my remote server admin project?

Thanks for comments and info

Tor

On Fri, 3 Jun 2005 21:22:08 +0200, "Tor Tveitane" <(E-Mail Removed)>
wrote:

>Hi,
>
>I wonder if I may safely set up a wireless link for some emergency server
>administration.
>
>However, WEP is hacked, WPA can be hacked, VPN is not safe enough, so does
>it exist 'safe' alternatives?
>
>What about a hardware encryption box at each side of the wireless link which
>obfuscates the data in a non proprietary custom specified way. Does it
>exist such hardware, or should I just forget my remote server admin project?
>
>Thanks for comments and info
>
>Tor
>
Yes it can be done, the US Military does it all the time. Cost though
is going to kill your project!

Tor Tveitane wrote:

> Hi,
>
> I wonder if I may safely set up a wireless link for some emergency server
> administration.
>
> However, WEP is hacked, WPA can be hacked, VPN is not safe enough, so does
> it exist 'safe' alternatives?
>

I would think that a VPN over wireless encryption would be more than good
enough to protect the data from eavesdropping.

Duane

Yup, you can do just that. Its what is called a fine meshed network. Hit in
a google search SIP and read what the state of the art, thinking an doing is
to date. Though, how to unite an abunance of people withina common goal.
Everery individueal wil have an own xdsl thingy and as for that, it will be
Got for all of us like our common provider.
Dick Hartog
(hidden somewhere in The Netherlands)

"Tor Tveitane" <(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed)...
> Hi,
>
> I wonder if I may safely set up a wireless link for some emergency server
> administration.
>
> However, WEP is hacked, WPA can be hacked, VPN is not safe enough, so does
> it exist 'safe' alternatives?
>
> What about a hardware encryption box at each side of the wireless link
which
> obfuscates the data in a non proprietary custom specified way. Does it
> exist such hardware, or should I just forget my remote server admin
project?
>
> Thanks for comments and info
>
> Tor
>
>

"Duane Arnold" <(E-Mail Removed)> skrev i melding
news:Ma3oe.10116$_o.3058@attbi_s71...

> I would think that a VPN over wireless encryption would be more than good
> enough to protect the data from eavesdropping.

OK, will in addition shifting the radio freq to a less used band with this
device:

http://sharperconcepts.zoovy.com/product/YSC-HC2458-200

also be an advantage?

Btw, does it exist several flavors of VPN networking?

What about Linksys WRT54GS with sveasoft firmware. Will a link between two
of those using PPTP be what you consider 'secure enough'?

Tor

On Sat, 4 Jun 2005 00:16:06 +0200, "Tor Tveitane" <(E-Mail Removed)>
wrote:

>OK, will in addition shifting the radio freq to a less used band with this
>device:
>http://sharperconcepts.zoovy.com/product/YSC-HC2458-200
>also be an advantage?

No. 5.7Ghz is actually more crowded than 2.4GHz depending upon
location. It's so bad in the metro areas that co-ordination groups
have been organized to establish some level of order.
http://www.wbanc.com
If your running inside an office or in a residential area, 5.7Ghz is
just fine. If you're in a glass wall skyscraper overlooking the city,
forget it.

>Btw, does it exist several flavors of VPN networking?
IPSec, PPTP, L2TP, SSL, SSH2, etc

>What about Linksys WRT54GS with sveasoft firmware. Will a link between two
>of those using PPTP be what you consider 'secure enough'?

Yep. That's what I do to run my office LAN remotely. The web admin
is also available with HTTPS security. There's also SSH2 for secure
shell login.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# (E-Mail Removed)
# (E-Mail Removed) AE6KS

"Jeff Liebermann" <(E-Mail Removed)> skrev i melding
news:(E-Mail Removed)...

> >What about Linksys WRT54GS with sveasoft firmware. Will a link between
two
> >of those using PPTP be what you consider 'secure enough'?
>
> Yep. That's what I do to run my office LAN remotely. The web admin
> is also available with HTTPS security. There's also SSH2 for secure
> shell login.

Interesting, so if I have a WRT54 wired to the server subnet at work and
another WRT54 at home connected wirelessly to the other, both with their
PPTP set up and with 60 chars WPA keys and MAC filter enabled will give me
sufficient security to sleep well at night?

Tor

On Sat, 4 Jun 2005 00:51:54 +0200, "Tor Tveitane" <(E-Mail Removed)>
wrote:

>"Jeff Liebermann" <(E-Mail Removed)> skrev i melding
>news:(E-Mail Removed).. .
>
>> >What about Linksys WRT54GS with sveasoft firmware. Will a link between
>two
>> >of those using PPTP be what you consider 'secure enough'?
>>
>> Yep. That's what I do to run my office LAN remotely. The web admin
>> is also available with HTTPS security. There's also SSH2 for secure
>> shell login.

>Interesting, so if I have a WRT54 wired to the server subnet at work and
>another WRT54 at home connected wirelessly to the other, both with their
>PPTP set up and with 60 chars WPA keys and MAC filter enabled will give me
>sufficient security to sleep well at night?

No. The WRT54G with Sveasoft Alchemy will terminate a PPTP VPN
connection. It will NOT initiate a VPN connection. That has to be
done with either a dedicated PPTP router that does such things (i.e.
Netscreen) or with a Windoze client.

I'm not sure what you're trying to accomplish and what you have to
work with. I'm guessing you want to establish a permanent VPN between
your house and office. I do that mostly with Sonicwall SOHO routers.
The routers argue among each other to create the VPN tunnel. I can be
at one end of the tunnel and see every computah at the other end. It
can also be used for remote or roaming access. The downside is that
running some ancient applications (i.e. dBase and FoxPlus) across the
VPN network is really slow. Basically, the VPN creates a common
network between the two LAN's at each end.

Wireless should be a seperate issue. I have no clue what level of
security you can afford or need. WPA encryption is sufficient. If
you can handle a RADIUS server, adding 802.1x authentication will also
help. Maximum security would be to use the VPN from the client and
terminate it at the VPN router. I would setup the wireless as an
access point (not a router) to connect to your LAN. One nice feature
of a seperate access point is that when you're not at home, just
turning it off will take care of any unattended security issues. I've
described how to convert a wireless router into an access point in
this group about 5 times. Let me know if Google can't find it.

Sonicwall does make a VPN router that has wireless. I've never used
it because it's expensive. There are also cheapo VPN routers made by
Dlink and Linksys. I've used the BEFVP41 effectively.



--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# (E-Mail Removed)
# (E-Mail Removed) AE6KS

Jeff Liebermann wrote:

> No. The WRT54G with Sveasoft Alchemy will terminate a PPTP VPN
> connection. It will NOT initiate a VPN connection. That has to be
> done with either a dedicated PPTP router that does such things (i.e.
> Netscreen) or with a Windoze client.

Actually Satori, Alchemy, and Talisman all contain pptpclient. We've
upgraded it through all of the release and Talisman sports the latest
version (1.6 IIRC).

You can either initiate a PPTP client connection in the web using the
setup page and setting the Internet connection type to PPTP. We added
encryption support for Microsoft's MPPE and a checkbox in the web
interface to enable it.

You should be able to point the router at your office MS VPN server,
add your login and password, and enable encryption and create an
encrypted link firectly from the router to your office.

You could also do all of this manually in the rc_startup script and
support both an Internet connection and a PPTP client connection on the
router simultaneously.

James Ewing
Sveasoft

"Sveasoft" <(E-Mail Removed)> skrev i melding
news:(E-Mail Removed) oups.com...

> Actually Satori, Alchemy, and Talisman all contain pptpclient. We've
> upgraded it through all of the release and Talisman sports the latest
> version (1.6 IIRC).
>
> You can either initiate a PPTP client connection in the web using the
> setup page and setting the Internet connection type to PPTP. We added
> encryption support for Microsoft's MPPE and a checkbox in the web
> interface to enable it.
>
> You should be able to point the router at your office MS VPN server,
> add your login and password, and enable encryption and create an
> encrypted link firectly from the router to your office.

Interesting! Does it exist a detailed howto for this scenario? Do I use:

Office Win2000 Server -- wired --> WRT54GS --- wireless link --->
WRT54GS --- wired --- > my computer at home

Thanks for precisions for which modes the two WRTs should be set etc.

Btw I use Alchemy v1 final

regards

Tor