[Cu-wireless] meeting tomorrow?

[Ralph Johnson]

niteshad at whopper.de said:
>As the relatively new owner of a wireless broadband router, I would also
>like to hear everyone's thoughts on wireless security, its best
>implementation, etc.

If this is just for your home, give your wireless AP a password
and so turn on WEP, and that should be good enough.  WEP is flawed,
but unless your data is more valuable than mine, it won't be worth
people's time to break it.

But we need something else for the CU wireless system.  First, if
we use WEP and we want everybody to use the system then we have to
give the password to everybody, so WEP would be worthless.  Second,
WEP just secures data between routers, but we will need to make it
possible for people to send data without intermediate routers
reading it.  Thus, we should use some VPN technology.

If people are interested, I can explain VPN technologies in more
detail.  There are a lot of ways to do it, and I don't know which
is best.  There probably isn't a best.  However, David has been
using NetBSD for the routers, so that narrows the choices.  NetBSD 
supports both IPSEC and ssh tunnelling.  It should be possible to 
make any router use either of these to communicate securely with 
any other router, even if it is on the other side of town.  However,
VPN technologies are in general not as easy to use as WEP.  I think
that if we build support into the routers then we can make it easy to
use, but we are not there yet. 

Some of these issues are explained very nicely in
http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html

-Ralph Johnson