Peter Corbett and Tim Carmean

• Automatic setup
  • Ships with DHCP enabled, OK in most cases
  • Static setup varries by distribution
• Always keep up to date with OS updates
  • • Apt (Debian; Ubuntu)
    • Yum (Fedora)
    • Red Carpet (SuSE)
    • ...or by hand

• Static setup
  • /etc/network/interfaces (Debian-based)
  • /etc/sysconfig/network/ifcfg-* (RedHat-based)
• Enable forwarding
  • Startup scripts, sysctl.conf, firewall ruleset, or other
  • echo "1" > /proc/sys/net/ipv4/ip_forward
  • Filtering rules
    • NetFilter / iptables
    • Default: Everying not explicitly allowed is forbidden
    • Quick and easy GUI tools in most distros

• Don't run anything you don't need
• SSH -- remote access
• Apache -- personal web server
• Samba -- Windows file sharing
• Most distros run little or nothing out-of-the box, only add what you need

• Passwords in clear text -- easy to snoop
  • Telnet, FTP, POP3/IMAP

• telnet --> SSH
  • Also does X forwarding, VPN tunnels, and no-password logins as well
• Use SSL tunnels for HTTP (web), POP/IMAP and SMTP (email), and most others
• IPsec (see later presentation)

• Shared media -- easy to sniff
• non-broadcast ESSID
• MAC locking -- restrict to specific network cards
• WEP, WPA
  • WEP on older models is insecure
  • WPA is better, but not by much

• 802.1x
  • Complicated to set up
  • not all AP's support it
• 802.11i
  • Coming Real Soon Now
• Most home broadband routers are wide open out-of-the-box!