From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal HELO [192.168.100.26]) by 2rosenthals.com (CommuniGate Pro SMTP 5.1.16) with ESMTPSA id 2312570 for os2-wireless_users@2rosenthals.com; Sun, 15 Feb 2009 17:58:50 -0500 Message-ID: <49989E14.603@2rosenthals.com> Date: Sun, 15 Feb 2009 17:58:28 -0500 Organization: Rosenthal & Rosenthal, LLC User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.8.1.18) Gecko/20081113 MultiZilla/1.8.3.5g SeaMonkey/1.1.13 (PmW) MIME-Version: 1.0 To: OS/2 Wireless Users Mailing List Subject: Re: [OS2Wireless] [OS2Wireless]TPad T60 Connect to Linksys BEFW11S4 - Security Settings References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 02/15/09 05:24 pm, Carl Gehr thus wrote : > On Sun, 15 Feb 2009 13:29:28 -0700, Chuck McKinnis wrote: > > >> IMHO, I am more worried about security on the Internet than I am about >> security between my PC and the router. >> > > It's not a matter of security between the PC and the router. I may be > wrong, but I don't believe these keys do any encryption at all. They > are strictly 'access keys' allowing or prohibiting use of the router. > > No, they are encrypting data. What you describe, Carl, is authentication (provided for in the 802.11i spec, but not part of WEP or WPA). > This bit of security is to keep someone else's PC from using the > router. If an outsider is able to access the router: > 1) They are able to access the Internet with the messages > appearing to be coming from one of my PCs > 2) Worse yet, they then have access to my PCs > that are connected to the router either directly > or indirectly. > > By capturing enough of your own traffic, they could probably accomplish this. A captive portal (authentication solution) would be a good defense. Hautspot uses technology from Sputnik (http://www.sputnik.com) to provide for captive portal authentication. There are others which are free (Chillispot and NoCatAuth - the latter, in fact, forms the basis for Hautspot's stuff). Of course, you need AP firmware which can support this (a LinkSys WRT54G flashed with DD-WRT firmware will do). You would then access a secure webpage (in the router, if not using a server-hosted solution, such as Hautspot or Sputnik), authenticate, and then access to the network beyond would be allowed. Disclaimer: Hautspot, LLC is a Sputnik business partner and Rosenthal & Rosenthal, LLC is a stockholder in Sputnik, Inc. ;-) -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE Rosenthal & Rosenthal, LLC www.2rosenthals.com Need a managed Wi-Fi hotspot? www.hautspot.com Treasurer, Warpstock Corporation www.warpstock.org -------------------------------------------------------------