 From:  "James Adams" <jadams at comprehendinc dot com>
 To:  "'Jim Gifford'" <jim at giffords dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] mOnOwall and Wireless configuration
 Date:  Mon, 5 Apr 2004 17:53:10 -0400
Jim,
I have to go across a parking lot and a city street, so cable really would
be cost prohibitive. IPSec is a must, as you've indicated. I'm also my
organization's HIPAA security/privacy officer and I know full well how much
trouble an organization can get into if they're not careful. We're under
greater scrutiny since we traffic in mental health and substance abuse
related patient information. On the topic of security, the 3com solution had
an interesting security feature. The info being exchanged is encrypted and then,
every 15 mins or so, the units generate new security keys for decryption,
which supposedly can't be easily decrypted. I don't know all the
particulars, but that seemed pretty darn secure.

Jim Adams
MIS Director
Comprehend, Inc.
Maysville, KY 


-----Original Message-----
From: Jim Gifford [mailto:jim at giffords dot net] 
Sent: Monday, April 05, 2004 4:18 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] mOnOwall and Wireless configuration


You haven't said whether a cable run might be feasible for you, but never
underestimate the usefulness of a single fiber pair (might as well pull 4 as
one though).  You can use transceivers and get 10, 100, gig, or higher.  You
might be able to get such a cable buried for as little as $1500, and it will
scale much better than the wireless link.

Having said all that, wireless should be more than adequate for a simple
link.  802.11b will limit you to about 5-7 Mbit/s throughput after overhead.
802.11a and 802.11g claim as much as 108 Mbit/s in proprietary x2
connections.  Expect to see much less than that in actual throughput though.

WEP is a joke.  If you use a wireless link with WEP as the primary link
between the two buildings and have any significant level of traffic, it can
easily be compromised.  If you have sparse traffic, it just takes a little
longer to break the keys.  Use strong security on top of the wireless (like
IPSec, for example).  Assume that anyone within 10 miles of your link will be
able to see the traffic and attempt to steal the data.  Paranoia isn't always
a bad thing.  *grin*

One advantage wired/optical has over wireless is the difficulty of tapping
into the link.  Additionally, with transceivers, it looks like just another
link between switches, as opposed to having to do some routing.  You could
purchase a 100 Mbit or even 10 Mbit transceiver for each end to save money
this year, and next year buy switches for each end that have gigabit fiber
capability to link the buildings.  Wireless will be more difficult to
upgrade that way.

Make sure you check the legal issues too before you get started.  I know of
at least one medical facility that has had to deal with HIPAA violations,
and it isn't a fun task.

Good luck with your project.

jim gifford

On Mon, Apr 05, 2004 at 02:05:45PM -0700, John Andrunas wrote:
> I am not particularly familiar with HIPAA requirements, but I hope that
> plain old WEP doesn't meet the security requirements.  Heck, I would be 
> a lot more comfortable running some Cat 5/6 across the way if it is only 
> 30 yards.
> 
> David Rodgers wrote:
> 
> >On Mon, 2004-04-05 at 15:36, James Adams wrote:
> > 
> >
> >>Hi all,
> >>I'm the MIS Director for a small, rural, non-profit community mental health
> >>center. We have recently purchased a building adjoining our current
> >>building--approx 30 yards between the buildings. Rather than purchasing one
> >>of the embedded mOnOwall appliances for wireless network connectivity, I
> >>was wondering if I could install mOnOwall on two PII machines that I have
> >>and accomplish the same thing?
> >>
> >
> >Absolutely! Yes you can do exactly what you are trying to do! :-)
> >
> >
> > 
> >
> >>
> >>I'm not unfamiliar with networking, IPTables, etc., but very unfamiliar with
> >>wireless; but I do know that I need WEP.
> >>
> >
> >Instead of WEP, though, you could set up your m0n0walls at each site and 
> >do gateway-to-gateway VPN with IPsec to protect your traffic. I 
> >assume that this will be patient data and such going back and forth? 
> >I would not entrust WEP to keep something like that safe from prying 
> >eyes.
> >
> >
> > 
> >
> >>And I do know that I will need
> >>cable, antennas etc..
> >>   
> >>
> >
> >You could probably accomplish this best with a pair of PCs running 
> >m0n0wall and 2 Cisco or (insert other company name here) external 
> >wireless bridges from eBay. If the total distance is 30 yards and 
> >line of sight is good, the cute little rubber ducky antenna that comes 
> >with it will be fine.
> >
> > 
> >
> >>A local vendor is trying to sell us a Linux-based
> >>software package, Star-OS, running on my old PIIs for about $1600. Another
> >>is trying to sell us a 3com solution for about $2300. I have a sneaking
> >>suspicion that I can do this with mOnOwall. Our state is in the midst of a
> >>budget crisis and my IT funds are being slashed dramatically.
> >>
> >
> >It's scary what people will try to sell you these days.
> >
> >That being said, if you don't feel comfortable fitting all of this 
> >stuff together and making it work, commercial solutions can save your 
> >life.
> >
> >
> >
> >David Rodgers
> >
> > 
> >
> >>
> >>TIA for any advice,
> >>
> >>Jim Adams
> >>MIS Director 
> >>Comprehend, Inc. 
> >>Maysville KY 
> >>
> >>
> >>---
> >>Outgoing mail is certified Virus Free.
> >>Checked by AVG anti-virus system (http://www.grisoft.com).
> >>Version: 6.0.647 / Virus Database: 414 - Release Date: 3/29/2004
> >>
> >>   
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> > 
> >
> 
> --
> 
> John Andrunas
> IT Engineer
> Treyarch Corp
> 310.664.5907
> andrunas at treyarch dot com
> 
> 
> 
> 
> 

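A worked illustration of the keystream-reuse problem behind Jim Gifford's "WEP is a joke" remark above. This is an added example, not code from the thread or from the m0n0wall project. WEP keys RC4 with a 24-bit IV prepended to the shared key and transmits that IV in the clear, so any two frames captured under the same IV were encrypted with the same keystream, and the XOR of their ciphertexts no longer depends on the key at all; one frame with guessable content (an ARP or DHCP body, an HTTP request line) then exposes the other. The birthday bound on 24-bit IVs also quantifies the "sparse traffic just takes longer" point: roughly 4,800 random IVs give even odds of a repeat, which a busy link produces in seconds. The shared key, the IVs and the payloads in the block are constructed for the demonstration, and the simplified frame format leaves out the CRC-32 ICV and the 802.11 headers. The full key-recovery attacks on WEP (Fluhrer, Mantin and Shamir, 2001, and their successors) are stronger still and are not shown here.

```python
"""
WEP keystream reuse, worked through in code (added example; constructed data).

WEP encrypts each frame with RC4 keyed by (24-bit IV || shared key) and sends
the IV in the clear. Two frames under one IV share a keystream, so XORing
their ciphertexts cancels the key entirely.
"""
import math
from collections import defaultdict


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA then PRGA), the per-frame cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_frame(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Simplified WEP data frame: cleartext 3-byte IV || (RC4(IV||key) XOR payload).
    The CRC-32 ICV and 802.11 headers are omitted; they do not change the argument."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor_bytes(payload, rc4_keystream(iv + shared_key, len(payload)))


def group_by_iv(frames):
    """Attacker side: bucket captured frames by their cleartext IV.
    Any IV seen on two or more frames is a keystream reuse."""
    buckets = defaultdict(list)
    for frame in frames:
        buckets[frame[:3]].append(frame[3:])
    return {iv: cts for iv, cts in buckets.items() if len(cts) > 1}


def recover_from_reuse(ct_known: bytes, known_plaintext: bytes, ct_target: bytes) -> bytes:
    """Given two ciphertexts under one IV and the plaintext of the first,
    recover as much of the second as the known plaintext covers.
    The shared key never enters into this computation."""
    keystream = xor_bytes(ct_known, known_plaintext)
    return xor_bytes(ct_target, keystream)


def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames needed before an IV repeats with the given probability,
    assuming uniformly random IVs. Cards that count up from 0 after every reset
    repeat far sooner than this."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def demo():
    """Run the whole attack on constructed traffic and return what was recovered."""
    shared_key = b"\x11\x22\x33\x44\x55"  # constructed 40-bit WEP key; the attacker never uses it
    reused_iv = b"\x0a\x0b\x0c"           # constructed IV that the AP happens to issue twice
    known_plaintext = b"GET /index.html HTTP/1.0\r\nHost: intranet\r\n\r\n"  # guessable request
    secret_plaintext = b"chart 4471: substance abuse intake"                # constructed record

    captured = [
        wep_frame(shared_key, b"\x00\x00\x01", b"unrelated frame"),
        wep_frame(shared_key, reused_iv, known_plaintext),
        wep_frame(shared_key, reused_iv, secret_plaintext),
    ]
    reused = group_by_iv(captured)
    ct_known, ct_target = reused[reused_iv]
    recovered = recover_from_reuse(ct_known, known_plaintext, ct_target)
    return {
        "reused_ivs": len(reused),
        "recovered": recovered,
        "fully_recovered": recovered == secret_plaintext,
    }


if __name__ == "__main__":
    result = demo()
    print("IVs reused in capture:", result["reused_ivs"])
    print("recovered plaintext  :", result["recovered"])
    print("50%% odds of an IV repeat after ~%d frames" % frames_until_iv_repeat())
```

Run it directly to see the constructed record come back in the clear; note that group_by_iv and recover_from_reuse never touch shared_key. Rekeying the shared key on a schedule only narrows the window in which a repeat is useful, since every frame inside that window is still built the same way; an IPsec tunnel over the link, as suggested earlier in the thread, stops depending on the WEP layer altogether.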
