{"id":41,"date":"2012-05-24T18:26:50","date_gmt":"2012-05-24T18:26:50","guid":{"rendered":"http:\/\/thebrotherswisp.com\/?p=41"},"modified":"2012-05-24T18:26:50","modified_gmt":"2012-05-24T18:26:50","slug":"5-22-12-podcast-wisp-security","status":"publish","type":"post","link":"https:\/\/thebrotherswisp.com\/index.php\/5-22-12-podcast-wisp-security\/%","title":{"rendered":"5-22-12 Podcast &#8211; WISP Security"},"content":{"rendered":"<p>This episode has <a href=\"http:\/\/3dbwireless.com\/boyd\/\">JJ Boyd<\/a>, <a href=\"http:\/\/www.mtin.net\/blog\/\">Justin Wilson<\/a> and Myself(<a href=\"http:\/\/gregsowell.com\">Greg Sowell<\/a>).  <a href=\"http:\/\/mikrotik-routeros.com\/\">Andrew<\/a> was unfortunately grabbing some much needed sleep.<\/p>\n<p>We talk loosely about WISP security, bonding multiple connections across the internet, and Ubiquiti open lower frequency channels.<\/p>\n<p><strong>Talking points for the security section:<\/strong><br \/>\nSecuring border router<br \/>\n  + Router itself<br \/>\n  +  \u2022 Disable unused services.  Lock down administrative access.  Put reflexive rules in place.<br \/>\n  + Access to publicly addressed assets inside<br \/>\n  +  \u2022 Block external admin access.  Put reflexive rules in place.<\/p>\n<p>Securing towers<br \/>\n  + Protect from clients<br \/>\n  +  \u2022 Towers should already be protected from outside access.  Disable unused services.  Lock down administrative access.  Prevent clients from communication through tower.<br \/>\n  +  \u2022 Encrypt backhauls.  Potential impact to Aps should be pretty low.<\/p>\n<p>Securing clients<br \/>\n  +  Protect from clients.<br \/>\n  +  \u2022 Disable unused services.  Lock down administrative access.<br \/>\n  +  \u2022 Encrypt to clients.  Why not?<\/p>\n<p>Securing administrative machines<br \/>\n  +  Protect dude server<br \/>\n  +  \u2022 Don\u2019t install on local machine.  Keep it secured on a machine you don\u2019t surf the web from.<br \/>\n  +  Protect admin machines<br \/>\n  +  \u2022 Attempt to keep your work machine as clean as possible.  Don\u2019t be the source of the problem.<\/p>\n<p><strong>Links:<\/strong><br \/>\n<a href=\"http:\/\/gregsowell.com\/?p=1076\">GregSowell training video on security.<\/a><br \/>\n<a href=\"http:\/\/www.mtin.net\/blog\/to-encrypt-or-not-to-encrypt-on-a-wisp-network-1326\">Justin&#8217;s thoughts on encryption.<\/a><br \/>\n<a href=\"https:\/\/www.countryipblocks.net\/country_selection.php\">CIDR blocks by country.<\/a><br \/>\n<a href=\"http:\/\/gregsowell.com\/?p=3826\">Program to convert CIDR blocks to firewall entries for Mikrotik.<\/a><br \/>\n<a href=\"http:\/\/wiki.ubnt.com\/AirOS_5.3\">Client isolation(found in this document).<\/a><br \/>\n<a href=\"http:\/\/www.3dbwireless.com\/boyd\/?p=752\">Ubiquiti 5Ghz UNII-2 FCC Approval!<\/a><br \/>\n<a href=\"http:\/\/gregsowell.com\/?p=3821\">Speedtest mini<\/a><\/p>\n<p><strong>Here&#8217;s the video:<\/strong>(if you don&#8217;t see it, hit refresh)<br \/>\n<iframe loading=\"lazy\" width=\"420\" height=\"315\" src=\"http:\/\/www.youtube.com\/embed\/n6gKVOAbcKY\" frameborder=\"0\" allowfullscreen><\/iframe><\/p>\n<p><a href=\"https:\/\/thebrotherswisp.com\/?feed=podcast\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"\/img\/feedlink.png\" title=\"Feed\" class=\"alignnone\" width=\"576\" height=\"108\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode has JJ Boyd, Justin Wilson and Myself(Greg Sowell). Andrew was unfortunately grabbing some much needed sleep. We talk loosely about WISP security, bonding multiple connections across the internet, and Ubiquiti open lower frequency channels. Talking points for the security section: Securing border router + Router itself + \u2022 Disable unused services. Lock down [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","footnotes":""},"categories":[27,11,21],"tags":[],"class_list":["post-41","post","type-post","status-publish","format-standard","hentry","category-hardware","category-mikrotik","category-ubiquiti"],"_links":{"self":[{"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/posts\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/comments?post=41"}],"version-history":[{"count":0,"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/posts\/41\/revisions"}],"wp:attachment":[{"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/media?parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/categories?post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thebrotherswisp.com\/index.php\/wp-json\/wp\/v2\/tags?post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}