 From:  Jim Gifford <jim at giffords dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] mOnOwall and Wireless configuration
 Date:  Mon, 5 Apr 2004 17:55:43 -0400
I understand about cost being prohibitive.  Too many of my own projects
are nowhere near the way I would like them to be due to budget
constraints.  :(

I believe that IPSec can force key updates periodically.  I'm not that
familiar with all the options yet, but that's certainly something to
consider in your testing stage.

Sounds like you will be having fun soon.  I wish you luck and success.

jim gifford

On Mon, Apr 05, 2004 at 05:53:10PM -0400, James Adams wrote:
> Jim,
> I have to go across a parking lot and a city street. So cable really would
> be cost prohibitive. IPSec is a must as you've indicated. I'm also my
> organization's HIPAA security/privacy officer and I know full well how much
> trouble an organization can get into, if they're not careful. We're under
> greater scrutiny since we traffic in mental health and substance abuse
> related patient information. On the topic of security, the 3com solution had
> an interesting security feature. The info being exchanged is encrypted then,
> every 15 mins or so, the units generate new security keys for unencryption,
> which supposedly can't be easily unencrypted. I don't know all the
> particulars but that seemed pretty darn secure.
> 
> Jim Adams
> MIS Director
> Comprehend, Inc.
> Maysville, KY 
> 
> 
> -----Original Message-----
> From: Jim Gifford [mailto:jim at giffords dot net] 
> Sent: Monday, April 05, 2004 4:18 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] mOnOwall and Wireless configuration
> 
> 
> You haven't said whether a cable run might be feasible for you, but never
> underestimate the usefulness of a single fiber pair (might as well pull 4 as
> one though).  You can use transceivers and get 10, 100, gig, or higher.  You
> might be able to get such a cable buried for as little as $1500, and it will
> scale much better than the wireless link.
> 
> Having said all that, wireless should be more than adequate for a simple
> link.  802.11b will limit you to about 5-7Mib/sec throughput after overhead.
> 802.11a and 802.11g claim as much as 108Mib/sec in proprietary x2
> connections.  Expect to see much less than that in actual throughput though.
> 
> WEP is a joke, if you use a wireless link with WEP as the primary link
> between the two buildings, and have any significant level of traffic, it can
> easily be compromised.  If you have sparse traffic, it just takes a little
> longer to break the keys.  Use strong security on top of the wireless (like
> IPSec for example).  Assume that anyone within 10 miles of your link will be
> able to see the traffic and attempt to steal the data. Paranoia isn't always
> a bad thing.  *grin*
> 
> One advantage wired/optical has over wireless is the difficulty of tapping
> into the link.  Additionally, with transceivers, it looks like just another
> link between switches, as opposed to having to do some routing. You could
> purchase a 100mbit or even 10mbit transceiver for each end to save money
> this year, and next year buy switches for each end that have gigabit fiber
> capability to link the buildings.  Wireless will be more difficult to
> upgrade that way.
> 
> Make sure you check the legal issues too before you get started. I know of
> at least one medical facility that has had to deal with HIPAA violations,
> and it isn't a fun task.
> 
> Good luck with your project.
> 
> jim gifford
> 
> On Mon, Apr 05, 2004 at 02:05:45PM -0700, John Andrunas wrote:
> > I am not particularly familiar with HIPAA requirements, but I hope that
> > plain old WEP doesn't meet the security requirements.  Heck I would be
> > a lot more comfortable running some Cat 5/6 across the way if it is only
> > 30 yards.
> > 
> > David Rodgers wrote:
> > 
> > >On Mon, 2004-04-05 at 15:36, James Adams wrote:
> > > 
> > >
> > >>Hi all,
> > >>I'm the MIS Director for a small, rural, non-profit community mental
> > >>health center. We have recently purchased a building adjoining our current
> > >>building--approx 30 yards between the buildings. Rather than purchasing
> > >>one of the embedded mOnOwall appliances for wireless network connectivity,
> > >>I was wondering if I could install mOnOwall on two PII machines that I
> > >>have and accomplish the same thing?
> > >>   
> > >>
> > >
> > >Absolutely! Yes you can do exactly what you are trying to do! :-)
> > >
> > >
> > > 
> > >
> > >>
> > >>I'm not unfamiliar with networking, IPTables, etc., but very unfamiliar
> > >>with wireless; but I do know that I need WEP.
> > >>   
> > >>
> > >
> > >Instead of WEP though you could set up your m0n0walls at each site and
> > >do gateway to gateway VPN with ipsec to protect your traffic. I 
> > >assume that this will be patient data and such going back and forth? 
> > >I would not entrust WEP to keep something like that safe from prying 
> > >eyes.
> > >
> > >
> > > 
> > >
> > >>And I do know that I will need
> > >>cable, antennas etc..
> > >>   
> > >>
> > >
> > >You could probably accomplish this best with a pair of PCs running
> > >M0n0wall and 2 cisco or (insert other company name here) external
> > >wireless bridges from ebay. If the total distance is 30 yards and
> > >line of sight is good the cute little rubber ducky antenna that comes
> > >with it will be fine.
> > >
> > > 
> > >
> > >>A local vendor is trying to sell us a Linux-based
> > >>software package, Star-OS, running on my old PIIs  for about $1600.
> > >>Another is trying to sell us a 3com solution for about $2300. I have a
> > >>sneaking suspicion that I can do this with mOnOwall. Our state is in the
> > >>midst of a budget crisis and my IT funds are being slashed dramatically.
> > >>   
> > >>
> > >
> > >It's scary what people will try to sell you these days.
> > >
> > >That being said if you don't feel comfortable fitting all of this 
> > >stuff together and making it work commercial solutions can save your 
> > >life.
> > >
> > >
> > >
> > >David Rodgers
> > >
> > > 
> > >
> > >>
> > >>TIA for any advice,
> > >>
> > >>Jim Adams
> > >>MIS Director 
> > >>Comprehend, Inc. 
> > >>Maysville KY 
> > >>
> > >>
> > >>---
> > >>Outgoing mail is certified Virus Free.
> > >>Checked by AVG anti-virus system (http://www.grisoft.com).
> > >>Version: 6.0.647 / Virus Database: 414 - Release Date: 3/29/2004
> > >>
> > >>   
> > >>
> > >
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >
> > > 
> > >
> > 
> > --
> > 
> > John Andrunas
> > IT Engineer
> > Treyarch Corp
> > 310.664.5907
> > andrunas at treyarch dot com