Re: No WEP/WPA, can VPN substitute?

From: Allen Kistler (ackistler_at_oohay.moc)
Date: 11/27/05


Date: Sun, 27 Nov 2005 07:07:05 GMT

Proteus wrote:
> I just can not get WEP or WPA working with my wifi modem in Linux
> (Mandriva). If I set up a VPN (Virtual Private Network) between my main PC
> (home) and the second PC in my home that has the wifi modem (on second
> floor in my home) [without WEP or WPA encryption], couldn't the VPN
> security substitute for the lack of WEP/WPA encryption? I have SSID
> broadcast turned off, and MAC filtering on, that is the best I can do--
> but of course that is easily hacked-- so I figure setting up a VPN tunnel
> should provide a secure communication, correct?
>
> Also, with an open wifi system, even with VPN, what is the risk of a
> hacker using the open wifi to hack into my box (PC)? Is that possible or
> made easier compared to a wired communication (LAN cabling), even with
> firewalling and a router, etc? Any ways to minimize that?

Encrypted VPN can substitute for WEP/WPA/WiFi/etc., but it has to be set
up carefully.

Set up the wired LAN so that access from the wireless access point MUST
use the VPN to access ANYTHING. That could mean sticking a small router
with packet filtering between the WAP and the LAN. It could mean using
a dedicated interface on a Linux box (the VPN endpoint) with a crossover
cable to the WAP and with a good netfilter ruleset. Use another IF to
connect to the wired LAN. (i.e., build a firewall)

Don't forget that your wireless workstations are also open to attack, so
lock out the incoming traffic (even before the VPN is established) and
prevent leakage of outbound traffic.

You should do those things with WEP/etc., anyway, but without it now
it's crucial.

I've seen paranoid corporations deal with the reality of highly mobile
workforces exactly this way, where handing out encryption keys to a few
hundred/thousand people every day is too big a nightmare, even though
there isn't any technical barrier to doing it.
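
The gateway and workstation filtering described in the reply above, written out as an added example (not part of the original post). The interface names, the UDP 1194 VPN listener, the 192.0.2.1 gateway address and static addressing on the wireless link are all assumptions; the functions only print iptables-restore input and change nothing themselves.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: eth1 = crossover
# link to the WAP, eth0 = wired LAN, tun0 = VPN interface, wlan0 = workstation
# wireless NIC, VPN listener on UDP 1194, 192.0.2.1 = gateway (static addressing).

# Ruleset for the Linux box sitting between the WAP and the wired LAN.
gen_gateway_rules() {
    wap_if=${1:-eth1}; lan_if=${2:-eth0}; vpn_if=${3:-tun0}; vpn_port=${4:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless side: the VPN listener is the only reachable service.
-A INPUT -i $wap_if -p udp --dport $vpn_port -j ACCEPT
-A INPUT -i $vpn_if -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# Nothing is routed to or from the WAP segment; only tunnel traffic reaches the LAN.
-A FORWARD -i $vpn_if -o $lan_if -j ACCEPT
-A FORWARD -i $lan_if -o $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Ruleset for a wireless workstation: no new inbound, no outbound outside the tunnel.
gen_client_rules() {
    wifi_if=${1:-wlan0}; vpn_if=${2:-tun0}; gw_ip=${3:-192.0.2.1}; vpn_port=${4:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the encrypted tunnel itself may leave the wireless NIC.
-A OUTPUT -o $wifi_if -p udp -d $gw_ip --dport $vpn_port -j ACCEPT
-A OUTPUT -o $vpn_if -j ACCEPT
COMMIT
EOF
}

# Usage: sh vpn-only.sh gateway | iptables-restore   (or "client")
case "${1:-}" in
    gateway) gen_gateway_rules ;;
    client)  gen_client_rules ;;
esac
```

Because both default policies are DROP, the workstation rules apply before the tunnel comes up as well as after, which is the "even before the VPN is established" case from the reply.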
