Level 2 Switch vs. WLAN

Mike K

Getting the hang of it
If I want to include my home LAN into my security system LAN, which is a couple miles away, making a larger WAN, do I need an L2 switch?
 

tangent

IPCT Contributor
Your security system LAN is miles away from your house?
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house.
 

hmjgriffon

Known around here
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house.
Indubitably, it just did not mention business, lol. VPN all day long; easy, cheap way to watch the cameras securely. OpenVPN would be super simple to set up.
 

nayr

IPCT Contributor
Point-to-point VPN between the two routers if over the internet. On different subnets, they'll act as one big happy network and not even know the VPN link is there, but everything going across the internet will be secure.
 
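The "different subnets" condition above is the part people get wrong when joining two LANs over a tunnel, so here is an added pre-deployment check (example code, not from this thread or any vendor): it refuses overlapping home/farm/tunnel subnets, warns about router-default ranges, and prints the static route each router needs. All addresses, the `COMMON_DEFAULTS` list, and the convention that the first two tunnel addresses are the router ends are constructed assumptions.

```python
import ipaddress

# Subnets most consumer routers ship with; a second site or a laptop on the
# same range collides with the tunnel's routes (assumption: common defaults).
COMMON_DEFAULTS = {
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("192.168.1.0/24"),
}

def plan_site_to_site(home_lan: str, farm_lan: str, tunnel_net: str) -> dict:
    """Validate the three subnets and return the static route each router needs.

    Raises ValueError on any overlap; returns warnings for risky but legal choices.
    """
    nets = {
        "home": ipaddress.ip_network(home_lan, strict=True),
        "farm": ipaddress.ip_network(farm_lan, strict=True),
        "tunnel": ipaddress.ip_network(tunnel_net, strict=True),
    }
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(
                    f"{a} {nets[a]} overlaps {b} {nets[b]}: renumber one side first")
    warnings = [f"{n} {nets[n]} is a router default; renumbering avoids clashes"
                for n in ("home", "farm") if nets[n] in COMMON_DEFAULTS]
    warnings += [f"{n} {nets[n]} is not RFC 1918 private space"
                 for n in names if not nets[n].is_private]
    # Assumption: the first two usable tunnel addresses are the two router ends.
    hosts = list(nets["tunnel"].hosts())
    if len(hosts) < 2:
        raise ValueError("tunnel network needs at least two host addresses")
    home_end, farm_end = hosts[0], hosts[1]
    return {
        # (destination, next hop): each side reaches the other LAN via the tunnel
        "home_router": [(str(nets["farm"]), str(farm_end))],
        "farm_router": [(str(nets["home"]), str(home_end))],
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Constructed sample addressing, not anything from the thread.
    print(plan_site_to_site("192.168.10.0/24", "192.168.20.0/24", "10.8.0.0/30"))
```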

Mike K

Getting the hang of it
Your security system LAN is miles away from your house?
Yes, it is on/in my farm buildings. At my home I have a 2 TB desktop data backup storage device, printer, and other PCs that would be useful.

I have an opportunity to pick up a new primary level 2 managed switch, but I'm not sure if level 2 will do the job or not. Maybe I need L3? I have read the definitions, but need some experience.
 

Mike K

Getting the hang of it
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house.
Yes, I will have WiFi at the farm.
 

tangent

IPCT Contributor
Yes, I will have WiFi at the farm.
What I was referring to there was a special long-range wifi link that would go a couple miles... you'd likely have to build a tower to pull it off. I don't think you're trying to do this. IIRC there was discussion about this in one of your other threads and the conclusion was it probably wasn't viable.

Assuming an ISP connection, your upload bandwidth will be limiting, likely 6-12 Mbps.
 

Mike K

Getting the hang of it
What I was referring to there was a special long-range wifi link that would go a couple miles... you'd likely have to build a tower to pull it off. I don't think you're trying to do this. IIRC there was discussion about this in one of your other threads and the conclusion was it probably wasn't viable.

Assuming an ISP connection, your upload bandwidth will be limiting, likely 6-12 Mbps.
Yes, the previous conclusion is correct. Comcast offers faster speeds with uploads up to 30 Mbps, but it is expensive. My question is really about what level/layer capability is needed in the switch.

OSI model by layer:

7. Application layer
6. Presentation layer
5. Session layer
4. Transport layer
3. Network layer
2. Data link layer
1. Physical layer
 

hmjgriffon

Known around here
A VPN operates at layer 3, generally speaking, but you don't have to do VPN in the switch or router; you could do it on a server connected to the network. Lots of options, all depends how complicated you want it to be.
 

Mike K

Getting the hang of it
A VPN operates at layer 3, generally speaking, but you don't have to do VPN in the switch or router; you could do it on a server connected to the network. Lots of options, all depends how complicated you want it to be.
Are you saying it can be set up with the Win OS?
 

Mike K

Getting the hang of it
Just don't do PPTP, for the love of all that is holy.
Noted:

PPTP is a fast, easy-to-use protocol. It is a good choice if OpenVPN isn't supported by your device. L2TP/IPsec is a good choice if OpenVPN isn't supported by your device and security is top priority. OpenVPN is the recommended protocol for desktops including Windows, Mac OS X and Linux.
VPN Protocol Comparison List - PPTP vs L2TP vs OpenVPN ™ vs ...
www.giganews.com/vyprvpn/compare-vpn-protocols.html
 

tangent

IPCT Contributor
From Wikipedia:

PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol as well as the integration between MPPE and PPP authentication for session key establishment.[2][3][4]

A summary of these vulnerabilities is below:

  • MS-CHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT Password hashes from a captured MSCHAP-v1 exchange.[5]
  • When using MS-CHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.[6]
  • MS-CHAP-v2 is vulnerable to dictionary attacks on the captured challenge response packets. Tools exist to perform this process rapidly.[7]
  • In 2012, it was demonstrated that the complexity of a brute-force attack on a MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. An online service was also demonstrated which is capable of decrypting a MS-CHAP-v2 MD4 passphrase in 23 hours.[8][9]
  • MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream and therefore the ciphertext is vulnerable to a bit-flipping attack. An attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.[5]
EAP-TLS is seen as the superior authentication choice for PPTP;[10] however, it requires implementation of a public-key infrastructure for both client and server certificates. As such, it may not be a viable authentication option for some remote access installations.
 
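To make the MPPE bullet above concrete, here is an added illustration (not code from this thread or from Wikipedia): a textbook RC4 keystream with no integrity check lets one flipped ciphertext bit silently flip the matching plaintext bit, while an HMAC over the ciphertext (encrypt-then-MAC) rejects the same change. The keys and message are constructed samples.

```python
import hashlib
import hmac

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4 (KSA + PRGA), used here only because MPPE used RC4."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """A stream cipher encrypts and decrypts with the same XOR, so a flipped
    ciphertext bit becomes a flipped plaintext bit; nothing here can notice."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate in-transit corruption or tampering of a single bit."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the ciphertext, so any change is caught."""
    ct = xor_crypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return xor_crypt(enc_key, ct)

if __name__ == "__main__":
    key, mac_key = b"constructed-enc-key", b"constructed-mac-key"  # sample keys
    ct = xor_crypt(key, b"count=1")
    print(xor_crypt(key, flip_bit(ct, 6, 0)))  # b'count=0', accepted silently
```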

Mike K

Getting the hang of it
Tangent,

Thanks for all the good links.
 

ItechashardasIcanbro

Young grasshopper
The savage thing about setting a VPN on your business router is that you can access it from anywhere in the world.
✈
 