Level 2 Switch vs. WLAN

Mike K

Mike K

Getting the hang of it
Mar 13, 2016
381
40
Howell, Michigan
If I want to Include my home LAN jnto my security system LAN, witch is a couple miles away, making a larger WAN, Do i need a
l 2 switch ?
 
hmjgriffon said:
your security system lan is miles away from your house?
Click to expand...
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house.
 
  • Like
Reactions: hmjgriffon
tangent said:
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house.
Click to expand...

Indubitably, it just did not mention business lol VPN all day long, easy cheap way to watch the cameras securely. OpenVPN would be super simple to set up.
 
point to point vpn between the two routers if over the internet.. on different subnets, the'll act as one big happy network and not even know the VPN link is there.. but everything going across internet will be secure.
 
  • Like
Reactions: hmjgriffon
Mike K said:
j
Click to expand...
hmjgriffon said:
your security system lan is miles away from your house?
Click to expand...

Yes it is on/in my farm buildings. At my home i have a 2tb desk top data backup storage device, printer, and other PCs that would be useful.

I have an opportunity to pickup a new primary level 2 managed switch but i'm not sure if level 2 will do the job or not? Maybe i need L3? I have read the definitions, but need an experence.
 
Last edited:
  • Like
Reactions: hmjgriffon
tangent said:
This is about a system at his business several miles from his house. Given the terrain and distance I'm not optimistic a point to point wifi network is viable, so I've been assuming he's going to get internet at his business. Then a VPN is the ideal solution to connect to this stuff from his house
Click to expand...

yes I will have WiFi at the farm.
 
Mike K said:
yes I will have WiFi at the farm.
Click to expand...
What I was referring to there was a special long range wifi link that would go a couple miles... you'd likely have to build a tower to pull it off. I don't think you're trying to do this. IIRC there was discussion about this in one of your other threads and the conclusion was it probably wasn't viable.

Assuming an ISP connection, your upload bandwidth will be limiting likely 6-12mbps.
 
tangent said:
What I was referring to there was a special long range wifi link that would go a couple miles... you'd likely have to build a tower to pull it off. I don't think you're trying to do this. IIRC there was discussion about this in one of your other threads and the conclusion was it probably wasn't viable.

Assuming an ISP connection, your upload bandwidth will be limiting likely 6-12mbps.
Click to expand...

Yes the previous conclusion is correct. Comcast offers faster speeds with uploads up to 30 mps but it is expensive. My question is really about what level/layer capability is needed in the switch.

OSI model
by layer

7. Application layer[show]
6. Presentation layer[show]
5. Session layer[show]
4. Transport layer[show]
3. Network layer[show]
2. Data link layer[show]
1. Physical layer[show]
 
Last edited:
a VPN operates at layer 3, generally speaking, but you don't have to do VPN in the switch or router, you could do it on a server connected to the network, lots of options, all depends how complicated you want it to be.
 
hmjgriffon said:
a VPN operates at layer 3, generally speaking, but you don't have to do VPN in the switch or router, you could do it on a server connected to the network, lots of options, all depends how complicated you want it to be.
Click to expand...

Are you saying it can be set up with the win OS?
 
  • Like
Reactions: hmjgriffon
hmjgriffon said:
just don't do PPTP for the love of all that is holy.
Click to expand...

Noted:

PPTP is a fast, easy-to-use protocol. It is a good choice if OpenVPN isn't supported by your device. L2TP/IPsec is a good choice if OpenVPN isn't supported by your device and security is top priority. OpenVPN is the recommended protocol for desktops including Windows, Mac OS X and Linux.
VPN Protocol Comparison List - PPTP vs L2TP vs OpenVPN ™ vs ...
www.giganews.com/vyprvpn/compare-vpn-protocols.html
 
from wikipedia:


PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol as well as the integration between MPPE and PPP authentication for session key establishment.[2][3][4]

A summary of these vulnerabilities is below:

  • MS-CHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT Password hashes from a captured MSCHAP-v1 exchange.[5]
  • When using MS-CHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.[6]
  • MS-CHAP-v2 is vulnerable to dictionary attacks on the captured challenge response packets. Tools exist to perform this process rapidly.[7]
  • In 2012, it was demonstrated that the complexity of a brute-force attack on a MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. An online service was also demonstrated which is capable of decrypting a MS-CHAP-v2 MD4 passphrase in 23 hours.[8][9]
  • MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream and therefore the ciphertext is vulnerable to a bit-flipping attack. An attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.[5]
EAP-TLS is seen as the superior authentication choice for PPTP;[10] however, it requires implementation of a public-key infrastructure for both client and server certificates. As such, it may not be a viable authentication option for some remote access installations.
 
  • Like
Reactions: Mike K
tangent said:
from wikipedia:


PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol as well as the integration between MPPE and PPP authentication for session key establishment.[2][3][4]

A summary of these vulnerabilities is below:

  • MS-CHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT Password hashes from a captured MSCHAP-v1 exchange.[5]
  • When using MS-CHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.[6]
  • MS-CHAP-v2 is vulnerable to dictionary attacks on the captured challenge response packets. Tools exist to perform this process rapidly.[7]
  • In 2012, it was demonstrated that the complexity of a brute-force attack on a MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. An online service was also demonstrated which is capable of decrypting a MS-CHAP-v2 MD4 passphrase in 23 hours.[8][9]
  • MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream and therefore the ciphertext is vulnerable to a bit-flipping attack. An attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.[5]
EAP-TLS is seen as the superior authentication choice for PPTP;[10] however, it requires implementation of a public-key infrastructure for both client and server certificates. As such, it may not be a viable authentication option for some remote access installations.
Click to expand...

Tangent,

Thanks, Thanks for all the good links.
 
You must log in or register to reply here.
Top Bottom