Eric's Blob
    Wireless Security at Lowe's
    Posted at 14:35 by Eric

    While researching wireless security, I ran across an article discussing wireless LANs at Lowe's.

    As many know, Lowe's uses Linux as their POS system. But it also turns out that they sometimes use a wireless connection within their store, between the POS and their servers. That's fine, except that many of these stores don't even bother to turn on WEP, let alone use real encryption.

    Well, the article talks about 2 crackers from the Michigan 2600 scene who also noticed this. They were able to sit in their car and collect credit card numbers. Argh. There's even a comment from someone who went to a local Starbucks, and just accidentally connected to a nearby Lowe's network.

    That certainly makes me think twice about using credit cards at a store like that (as I prepare to go there and buy a dishwasher).

    Leaping Into Wireless
    Posted at 12:18 by Eric

    Okay, it's time to get some wireless at home. I already had it on the laptop, but there was no way to connect to the local LAN. The benefits of connecting our laptop to the LAN are obvious -- remote printing, file sharing, no more using the laptop to dial into the Internet, a central server will do that (stop laughing, it's not like I don't want high speed), etc.

    The drawbacks of using wireless to do this are also obvious -- namely, security and speed. I feel that I can adequately secure our connection. And it's not like any wardrivers are going to tap into our measly dial-up connection (aha, there is a benefit to dial-up, take that broadband gloaters). Speed -- well, I probably won't do NFS home dirs like we do on the desktops (which use 100Mbit), but that's okay.

    The next question is, what wireless device. We can get wireless access points, wireless routers, and wireless NICs. Why would I want one over the other? I wasn't sure, so I asked the local LUG (I'll include a link later, the archives appear to be down). It generated a lot of discussion, which was great. Making it ever more interesting was that each of the above was recommended by at least one person, and each with very good reasons. Which is perfect, because it really means it's personal preference. I prefer to take things, rip out all the guts, and rearrange them the way I like (which, IMHO, makes it better... usually :-)

    So that takes us to option #3 -- buying a wireless PCI NIC and adding that to one of the servers on the LAN. We'll build our own wireless access point :-) Wireless NICs can be put into ad-hoc mode, easily allowing other wireless devices to connect to it. Even better are wireless NICs with the Prism2 chipset, which can be put into HostAP mode. This allows them to act as access points, send out beacons, and the like. I'm not sure which mode I'll use; each has its advantages.

    To secure the link, I'll use IPSEC to encrypt wireless traffic, and for wireless client authentication. We can also save a client the trouble of choosing an IP address by using DHCP-over-IPSEC. I also don't want to have to worry about turning off the wireless access when I'm not around. Using IPSEC for authorization will help, but I'm thinking about adding Fake AP to the mix. Fake AP makes it look as if there are 53,000 access points in the area, making it incredibly difficult to find the real one, particularly when no one is using it.

    Once all that is set up, I can use my laptop from anywhere in the house. Almost, I still need to buy that new battery.
