[sf-lug] WIFI set-up

Rick Moen rick at linuxmafia.com
Sun Apr 17 13:36:53 PDT 2016


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> I have more stringent firewall rules in my roaming configuration,  I
> don't know what else can be done with my available income.   

> I avoid using totally open public WiFi as seen on Market Street,

More for me, then.  ;->

If the concern is 'I worry that I cannot trust public networks', here's
a suggestion:  Don't trust public networks.  Send anything sensitive
over SSL (e.g., https) or SSH transport.  For extra points, use either
your own local recursive DNS nameserver or IPs 8.8.8.8 and 8.8.4.4
(Google Public DNS) instead of what the public wifi network suggests.

To those who say 'Some networks are dangerous', I reply 'How about just
assuming that all networks are dangerous?'  Works for Me.[tm]

I mean, c'mon.  What do you do over an unencrypted, public wifi network
that isn't either totally public anyway or sent over a separately
encrypted transport?

> If I had the income I would bring along a local router which would
> permit connecting to the local WiFi and provide a better firewall.

I'm unclear on what threat model you're trying to address.  

> Go for tight rules on your roaming configuration is all I can say.
> Mageia has its own firewall.

Again, to do what?  Most people who deploy local 'firewall' software end
up accomplishing nothing worthwhile, and often just DoS themselves.
Does your Mageia installation offer network services to the entire
world?  If not, what does the 'firewall' protect?  If so, why offer
network services to the entire world from a workstation?  Try _not_
offering network services to the entire world from a workstation.
At that point, your attack surface is reduced to just the core OS
network stack and kernel, which the 'firewall' can do nothing for,
anyway.

-- 
Cheers,                                      "My life has a superb cast,
Rick Moen                                    but I cannot figure out the plot."
rick at linuxmafia.com                                       -- Ashleigh Brilliant
McQ! (4x80)              




More information about the sf-lug mailing list