Securing an open hotspot...

There is a point to this madness, but I'm now beginning a new quest -- to figure out how to "secure" an "open" hotspot. :^)

By "open", I am implying a hotspot that is using no WEP/WPA encryption, authentication, or MAC filtering. This is by intention.

By "securing", I am implying a method that would provide some protection to in-flight packets from would-be sniffers. Yes, I know they can't be prevented from being collected, but it seems resonable that they could be encapsulated with some sort of encryption -- other than WEP or WPA.

The objective is to allow open access to any client, with zero configuration on their behalf, while at the same time provide some level of protection to in-flight packets.

Just spent some of the morning looking at the IEEE 802.11[n] drafts and, unfortunetly, without using WEP/WPA everything is going out over the air plain-text, with the exception of data coming from an SSL website of course. I'm looking for a way to make wireless the equivalent of, say, an open ethernet network. Anyone can plug right into the ethernet network, but at the same time the ethernet (being hardwire) provides some level of physical security. Yes, I am aware, that someone could simply just plug into it and sniff away -- but as I said, "some level" of physical security. Wireless is a whole new animal.

The only thing that immiedietly comes to mind is setting up a proxy web server that would provide an SSL layer for absolutetly EVERYTHING that passes through, but this would would work only for HTTP access. If possible, would also like to protect, at least, email data transfers as well -- that is, email transfered to/from email clients, not web-based email.

The pony trick is doing this without requiring any configuration on the client's behalf. :^)

Thinking SSL is probably the only thing that would work here, so if need be -- I could set up a web based email portal that would work with any POP3 email address.

Just throwing this out into the wind to see if anyone knows of any clever tricks. Probably commercial hardware that does all of this, but not looking to spend thousands on a "Cisco 5000 v.everything-you-ever.could-possibly-want". Computer hardware resources, however, are no problem. (Got 16 old fully working P2's in the basement. Bought a whole skid of them at a very good price. They are all 200 Mhz,

64MB RAM, 9 GB HDD, CD, ethernet, ect. Played around with parallel processing at one time and also use them for "special projects".) Also, I'm open with working with any OS as well.



Reply to
Loading thread data ...

"Eric" wrote in news:cQHTd.785$Nv5.271

I don't think this is possible.

But clients who care about security would use VPN anyways.

Reply to

I did the proxy HTTP SSL thing earlier tonight and did get something working -- but for anything else, the prospects don't seem too good. :^)

Agreed about VPN, but this was more of a just a learning exercise of enthusiasim. (Fitting square plugs into round holes.)



Reply to

would isolating each of the wireless clients from one another suffice?

the linksys wrt54g can enable 'ap isolation' which will create a virtual network for each wireless client and they will not be able to communicate with each other.

Reply to
nospam Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.