I run a wireless ISP and I was just wondering if there are any suggestions on security. At this moment we do not run WEP or WPA, but we do use hotspot authentication with RADIUS and CHAP, and I set the access list to deny all associations except the MACs of our customers, of course. Oh, and we hide the SSID. And if you're wondering why I don't run WEP or WPA: another local WISP did, and they didn't know why, but they keep going down. I did hear that someone has hacked into their network and was stealing internet. I figure if you want it that bad I would rather let you have internet than keep taking my network down.
It seems to work so far. I watch the logs closely and have not seen anyone get in, other than a few trying to run dictionary files against the hotspot and SSH. Most of the SSH is off-network attacks anyhow, nothing iptables didn't fix or a quick change on the Cisco's access list. Anyhow, I secured things up the best way I know how for the moment. Any suggestions or suggested reading?
Well, the newbie forum was the only one I could post to; every other forum gave me access denied. Not sure why, figured it was the way it was set up. As for Remote Exploit or BackTrack 2, I looked at it and to be honest it got me a little nervous lol.
I knew it was easy to get into WEP, I just didn't think it has become so easy my seven year old can do it. I understand it's off topic and has no direct question about Remote Exploit or BackTrack 2. If that's a problem then I will just do the research, I just figured I would ask. Thanks for the response anyway.
Obviously you're running a WISP as a convenience to customers. On the other hand, you're wanting more security. The problem here, as you may already see, is that security and convenience generally don't go together. WEP is worthless. WPA is OK. WPA with RADIUS is better. For total security (which is in reality only an illusion), no wireless at all is best.
Risk can only be managed, not eliminated. So you need to determine what amount of resources to dedicate to reducing the risk to an acceptable level.
(Damn, that CISSP studying is getting me somewhere...)
I do have a question: are Atheros cards supported? I know Linux supports Atheros, but when I ran the software it did not show up. I had to change out my cards.
It may be the card as well; I have had problems in the past with it.
Thanks, I have already seen that. I don't see my card but I do see my chipset.
Thanks for your help.
I run a large WISP. I would be happy to help you with some advice, even though it is off topic for this forum.
Disclaimer- this is based on my experience only. I am sure that there are users here that could blow any system wide open, and may have better advice due to their more focused expertise, so, for what it's worth:
1) Go to www(dot)part15(dot)org and read everything there. Your business is partially governed by the FCC under Part 15. You need to know your rights and obligations.
2) Do a Google search for CALEA. There is a new law in place that requires you, as an ISP, to be able to provide an encrypted VPN stream as well as a data log to the authorities if served with a warrant for anyone on or using your network.
4) Run client separation on your access points so that one client cannot see another client.
5) Separate your access points with VLANs so that traffic from one AP cannot bridge to another AP.
6) Run WPA2 AES with RADIUS.
7) Consider investing in an ISS Proventia or a strong Snort system that can drop traffic based on rules.
8) If possible, do not run 802.11 equipment. If your customers are stationary, as in homes, try to use non wifi radios that run private encryption or a variant. Take a look at Trango for starters. This would prevent laptops from connecting at all, so it can't be used in a cafe hotspot scenario, but can be used to provide service to homes.
9) Bridge as much of your network as possible at layer 2 for performance increases.
10) Require all endpoints (customers) to have an SNMP-enabled NAT router with passwords that you control.
11) If you want to throttle bandwidth, do it at the customer's NAT router so it doesn't chew up your network bandwidth.
If you want to chat more, PM me and we can trade contact info.
Hope this helps you some with your WISP
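Items 4 to 6 of the list above, sketched as a hostapd configuration next to the open, hidden-SSID, MAC-filtered setup from the first post. This is an added example, not part of the thread; the use of hostapd, the interface, bridge name, addresses and shared secret are all assumptions and placeholders.

```ini
# hostapd.conf sketch (constructed example; every name, address and
# secret below is a placeholder, not a value from the thread)
interface=wlan0
driver=nl80211
ssid=ExampleWISP-AP1
hw_mode=g
channel=6

# --- Before: the setup described in the first post ---
# No link-layer encryption, hidden SSID, MAC allow list only.
# Client MAC addresses and the SSID are sent unencrypted, so neither
# works as a secret; customer traffic is also unencrypted over the air.
#ignore_broadcast_ssid=1
#macaddr_acl=1
#accept_mac_file=/etc/hostapd/accept.mac

# --- After, item 6: WPA2 with AES (CCMP) and RADIUS ---
wpa=2                       # WPA2 (RSN) only, no WPA1
wpa_key_mgmt=WPA-EAP        # per-user 802.1X/EAP instead of a shared key
rsn_pairwise=CCMP           # AES-CCMP only, no TKIP
ieee8021x=1
auth_algs=1                 # open system auth; disables shared-key (WEP) auth
own_ip_addr=192.0.2.10      # this AP's address as seen by the RADIUS server
nas_identifier=ap1.example.net
auth_server_addr=192.0.2.1  # existing RADIUS server (placeholder address)
auth_server_port=1812
auth_server_shared_secret=CHANGE-ME-PLACEHOLDER

# --- Item 4: client separation ---
# Stations on this AP cannot exchange frames with each other directly.
ap_isolate=1

# --- Item 5: one VLAN per access point ---
# br-vlan101 is a hypothetical bridge whose only uplink is this AP's
# own VLAN, so traffic cannot bridge across to another AP's segment.
bridge=br-vlan101
```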
Thanks for the tips/considerations. HUGE help! I'm brand-new to the starting a WISP scene. I have a general idea of what needs set-up/configured, but I still have lots of questions. Currently I'm considering using SputnikNet's Control Center for account management, etc. (???) Here's the hardware I have:
and here's the potential clients: tinyurl.com/2sdkvo
I have yet to get the ISP Survival Guide: Strategies for Running a Competitive ISP by Geoff Huston. I could really use a step-by-step guide.
I know there are a million legal, financial, and troubleshooting issues I have yet to overcome, but hopefully my persistent and obsessive behavior will pull me through.
Someone kill this thread before I WISP away and kill myself!!!!!
dd if=/dev/swc666 of=/dev/wyze