Guide to get cable modem working with debian

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MChris Gehlker at <-
MMJeffrey Pyne at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
Subject: Guide to get cable modem working with debian
On Wed, 2003-12-31 at 09:31, Chris Gehlker wrote:
> On Dec 31, 2003, at 8:59 AM, Chris Gehlker wrote:
>
>
> > Where the manual isn't much help is in laying out some kind of
> > decision matrix that would allow me to choose the appropriate level of
> > security. I don't care if someone wants to park in front of my house
> > and share my connection to the internet. I don't worry to much about
> > them printing from my printer. I do care if they get into the shares
> > on my desktop but I don't think the notion that some black hat is
> > going to park outside house a capture every byte and then analyze them
> > to discover our usernames and passwords. As another example, it is
> > easy to set the MAC address of the iBook as the only one allowed on
> > the network. Presumably, it is also very easy to forge MAC addresses.
> > Then manual doesn't actually say that. One has to infer it from the
> > fact that it goes on to discuss more expensive and presumably better
> > security methods.
>
>
> Duh. Responding to my own post. But sometimes the mere act of writing
> down the question helps one see the answer. It dawned on me that some
> of the cheap but weak security methods, like the MAC based access list,
> only prevent write access to my network. It takes some pretty strong
> encryption to prevent read access. The signals are *broadcast* after
> all.
>
> I still don't really know what level of security is appropriate for a
> home office network.
---
sometimes answering questions helps to solidify the issues in my mind as
trying to ask them so here's my take.

You probably should consider the wireless network as untrusted as is the
internet. On your computer, you could create iptables rules to reject
everything but port 22 & 515 from the network (tcp - printing might be
udp, I don't know). Then if you needed access to say files from your
linux desktop, you could pipe it through ssh. If you have more than 1
computer on the 'wired' side of things, this would be a problem.

In this case, the idea would be to have 2 routers, one for the internet
and the wireless router. The wireless router would set the
restrictions... only ports 22 & 515 go to any ip address on the wired
lan, everything can go to the default gateway on the wired lan.

Unless you use encryption (WEP or ???), all passwords transmitted in
clear (telnet, rsync, nfs) could be sniffed/captured by anyone snooping
wireless lan. WEP Encryption in 802.11b (which is the only available
Airport for an iBook that I know of) is supposedly easily broken.

Craig


This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-RAM for LTSPRAM for LTSP->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)