Sunday, February 5, 2006

Wireless Security

Most people are concerned with the security of their wireless network and it makes sense for them to be. A lot of people don't know how to actually secure their wireless access point or add encryption to it. It is becoming easier now, and many manufacturers give very detailed steps on how to encrypt your wireless network. But FON does something a little different.

We add security to your wireless network without encryption in two ways. The first is that when you install FON or buy a FON router, it creates two segmented networks. One network is for people who connect over the wireless antennas (the visitor network), and the other is for your personal computers that are connected locally (your home network). We separate the visitor and home networks using a firewall, so someone who connects to your wireless visitor network would not be able to connect to your personal computer if it’s on your home network.

The second thing we do is give you the ability to restrict access to your hotspot to FON users and specific people you trust. Of course you can leave it open to anyone, but our default policy is to limit it to Foneros, Aliens and your family. When someone connects to your network over the wireless antenna, we restrict their access and only allow them to visit the FON authentication page. If they are Foneros, then we allow them to browse the Internet, but not connect to your personal home network.
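As an added illustration (not FON's firmware or configuration), the two mechanisms above can be sketched as a Linux `iptables-restore` ruleset plus a small audit check that the visitor-to-home block is the first rule such traffic can hit. The interface names, portal port and the `authed` ipset of logged-in visitors are assumptions made for this example.

```shell
# Added example, not FON's configuration. All names below are assumptions.
VISITOR_IF=wlan0    # assumed: wireless visitor network
HOME_IF=br-lan      # assumed: wired home network
WAN_IF=eth0         # assumed: Internet uplink
PORTAL_PORT=8080    # assumed: port of the local authentication page
AUTH_SET=authed     # assumed: ipset holding addresses of logged-in visitors
# Print an iptables-restore ruleset for the two-network layout.
emit_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Visitors who have not logged in: web traffic lands on the portal page.
-A PREROUTING -i $VISITOR_IF -p tcp --dport 80 -m set ! --match-set $AUTH_SET src -j REDIRECT --to-ports $PORTAL_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Visitors may reach only DHCP, DNS and the portal on the router itself.
-A INPUT -i $VISITOR_IF -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i $VISITOR_IF -p tcp --dport $PORTAL_PORT -j ACCEPT
-A INPUT -i $VISITOR_IF -j DROP
# Segmentation: nothing from the visitor network is forwarded to the home network.
-A FORWARD -i $VISITOR_IF -o $HOME_IF -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only logged-in visitors are forwarded to the Internet.
-A FORWARD -i $VISITOR_IF -o $WAN_IF -m set --match-set $AUTH_SET src -j ACCEPT
-A FORWARD -i $HOME_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Audit: succeed only if the first FORWARD rule on stdin that can match visitor -> home traffic is DROP/REJECT.
isolation_ok() {
  awk -v vif="$VISITOR_IF" -v hif="$HOME_IF" -v verdict=1 '
    $1 == "-A" && $2 == "FORWARD" {
      iif = ""; oif = ""; tgt = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") iif = $(i + 1)
        if ($i == "-o") oif = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      if ((iif == "" || iif == vif) && (oif == "" || oif == hif)) {
        verdict = (tgt == "DROP" || tgt == "REJECT") ? 0 : 1; exit
      }
    }
    END { exit verdict }'
}
emit_ruleset | isolation_ok && echo "visitor -> home isolation is the first match"
```

The audit is deliberately conservative: any broader ACCEPT placed ahead of the block fails it, because iptables stops at the first matching rule.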

We take security very seriously here at FON, especially me since I built my career in the security industry. And these are just some of the steps we are taking. But the underlying belief we have at FON is that Foneros should be able to share safely, securely and worry free.

 

Comments


Security: I only read the article once, but this detail causes me to ask: what about the firewall or a similar - |between| visitors?
I understand that the built-in firewall separates my LAN from the rest. But among the Aliens, what happens?

Thanks
Antti

# 1 | Sent by: Antti Linden – Monday, February 6, 2006 (22:14)

Is the FON wireless side on the same vlan as home wireless users?

# 2 | Sent by: Thomas – Tuesday, February 7, 2006 (03:58)

Your writeup about security is a bit unclear without giving some insight into the ability to configure the firewall between the wireless net and the home net. As you've written it, the wireless net becomes useless for access to the home network, defeating the purpose behind having home wireless in the first place.

"So someone that connects to your wireless visitor network would not be able to connect to your personal computer if it’s on your home network."

We add security to your wireless network without encryption in two ways. The first is that when you install FON or buy a FON router it creates two segmented networks. One network is for people that connect over the wireless antennas (the visitor network) and the other network is for your personal computers that are connected locally (your home network). We separate the visitor and home networks using a firewall. So someone that connects to your wireless visitor network would not be able to connect to your personal computer if it’s on your home network.

The second thing we do is we give you the ability to restrict access to your hotspot only to FON users and specific people you trust, of course you can leave it open to anyone, but our default policy is to limit it to Foneros, Aliens and your family. When someone connects to your network over the wireless antenna, we restrict their access and only allow them to visit the FON authentication page. If they are Foneros then we allow them to browse the Internet, but not connect to your personal home network.

# 3 | Sent by: Jim – Tuesday, February 7, 2006 (09:42)

I am very interested in hosting a wireless point. I and my family connect to our broadband wirelessly. Will we be able to sit behind the firewall and do our own networking around the house, or will the Fon firmware keep ALL wireless connections on the public side of the firewall? Clearly, we cannot have our own laptops in the public domain.

Thanks

# 4 | Sent by: Tony – Tuesday, February 7, 2006 (11:16)

Well... yes, what about "home" wireless users ?

My 1 penny thought about it: last time I checked DD-WRT firmware (version 23), it included OpenVPN in its 'vpn' flavor.

I personally use OpenVPN (not on a DD-WRT-enabled router but on a Linux box on my LAN) as my VPN solution when I'm roaming out of home; it is very stable, not too difficult to configure and allows state-of-the-art certificates-based authentication and encryption mechanisms.

So, maybe here is THE solution for having a genuinely secure wireless link to the "home" LAN segment through the "visitor-welcome" WLAN segment.

Somehow, it would even be the "ultimate" solution, since an OpenVPN-secured "home" wireless link would allow you to access your "home" LAN from any FON Hotspot (or any other WAN location).

Regards

# 5 | Sent by: Cedric – Wednesday, February 8, 2006 (22:42)

I'm glad I found this blog entry. It answered a few questions that I had on this subject, but it still leaves a few questions to be asked. First is encryption on the wireless network itself. What's to keep someone with a wireless scanner from pulling up and sniffing my network? Just because there are two VLANs doesn't mean anything to a sniffer. It just takes in the data and processes it w/o regard to the network rules (VLANs, IP, routers, etc.). Do the FON enabled routers have some sort of encryption at all?

# 6 | Sent by: Mike – Thursday, February 9, 2006 (20:26)


So what you're saying is wireless is destination natted to the web portal when using wireless.

Wireless is still the wild west and anyone with a wifi card in monitor mode can sniff and inject happily, same as any Starbucks?

But if you're on the wired interface you're protected from the WIFI network, as traffic is not forwarded across interfaces?


# 10 | Sent by: Pat Moloney – Wednesday, December 6, 2006 (16:17)

The private home network side of FON uses WPA encryption but has no WEP (so far as I peek and poke around). WPA is better of course.
However, my laptop wireless is not capable of WPA, only WEP is allowed. So now I use the public side to use FON. Does anybody know how to enable WEP on the private side? Or should I really buy a WPA-capable USB wireless adapter, for example?
Thank you for your kind input.

# 11 | Sent by: Seiji Matsumoto – Thursday, May 24, 2007 (13:50)

Hello Seiji - as you indicate, WPA is much safer. For that reason we don't support WEP on these routers.

# 12 | Sent by: Steve Ross – Friday, May 25, 2007 (19:48)

