August 2010

Computers and Networking05 Aug 2010 03:30 pm

DEF CON was this past weekend, and in usual fashion, the staff of the convention had projected onto a screen the “Wall of Sheep”: a list of usernames and obfuscated passwords that were transmitted in the clear on the convention’s wireless network. As DEF CON has doubtlessly the most hostile wireless network ever seen, ensuring that all transmissions are conducted in a secure fashion is paramount at this particular convention.

With the proliferation of publicly accessible wireless networks, one must be certain to use caution when checking things such as email. Some email providers have SSL enabled, so that solves that problem, but what about unencrypted web page logins, like forums? How does one secure these?

My solution to secure all traffic uses OpenVPN, a freely available VPN solution that works on pretty much any operating system. I won’t go into excessive detail in this post, but it is actually fairly easy to set up. My first brush with it was when I ran IPCop on my router machine. The OpenVPN add-on for IPCop, ZERINA, generates configuration bundle zip files that make connecting simple. Setting up one from scratch isn’t much more difficult, but it can be time-consuming to set up properly.

OpenVPN works great for a temporary tunnel, but for something more permanent, IPsec is a better choice as it requires less CPU overhead. The configuration of IPsec is beyond the scope of this post, however.

I’ll write a follow-up to this in the next few days explaining my setup, but for now know that if you’re going to be using an open, unencrypted wireless network, be aware that passing cleartext passwords can be a very perilous mistake.

Cellular and Netbooks and Networking and UNIX01 Aug 2010 03:04 pm

Well, I had pfSense working for a wired interface, but once I enabled the wireless interface and a client connected to it, the machine hardlocked. I am not one to be defeated by technology, so I dug out my IPCop install disc and attempted to load that on instead. Sadly IPCop 1.4 does not have support in the installer for the wired connection, so I gave the new beta a try. It works! I had to give the proper INIT string for the aircard and find a working version of WLAN-AP, but once all that was done, I was able to connect both wirelessly and wired.

I am all set to go for the not so distant future!