Jason Costomiris on Sun, 12 Jan 2003 19:44:09 -0500
On Sun, 2003-01-12 at 11:38, Jesse Huestis wrote:

Throwing my two cents in, I have been installing Linksys, Intel and DLink access points/routers for my clients using the 801.1b standard.

There are a number of features for security, depending on your AP vendor. Here's a few:

1. Closed Networks - Netstumbler & friends work because APs sit there beaconing. Essentially, it's a broadcast advertising the availability of the network, providing the SSID of the WLAN. Closed networks either remove the SSID from the beacons or just don't beacon. Of course, if you were sniffing with something like Airopeek, you could still pull 802.11b frames out of the air, but you'd have to KNOW there's an AP in range for you to sniff. It mostly keeps the war(drivers|walkers) away.

2. MAC-based authentication - many APs (including Apple Airport) allow you to say who can and cannot connect by MAC address. Apple also allows you to plug this into a RADIUS server, which would be a repository for the MAC addresses of permitted clients. It is helpful, but a sophisticated attacker can change his MAC address to suit his needs.

3. 802.1x - standards-track authentication protocol, supports use of x.509 digital certs. The underlying authentication protocol is referred to as EAP, which can also run over TLS (EAP-TLS).

4. Proprietary authentication schemes - probably the best one is Cisco's LEAP. It supports dynamic regeneration of WEP keys (at about a 10 minute interval, if I recall).

5. WEP - Yes, it's much maligned, but it's better than nothing. The so-called 128-bit WEP isn't. It's really a 104-bit cipher with a 24-bit initialization vector (aka the IV). Same goes for 64-bit WEP, it's really 40-bit. It's not going to keep prying eyes out forever, but if you're diligent about changing WEP keys, you'll prevent the bad guys from associating with your AP, which after all, is your goal.
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
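
Added example, not part of the original post: a minimal Python sketch of WEP encapsulation, showing why "128-bit" WEP carries only 104 secret bits. The RC4 seed is the 3-byte IV, sent in the clear with every frame, followed by the shared secret. The sample key, IV and payload are constructed values.

```python
import struct
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def key_bits(secret: bytes) -> tuple:
    """(secret bits, advertised bits) -- the difference is the 24-bit IV."""
    return len(secret) * 8, len(secret) * 8 + 24

def wep_encapsulate(secret: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    if len(secret) not in (5, 13) or len(iv) != 3:
        raise ValueError("secret must be 5 or 13 bytes, IV exactly 3 bytes")
    body = plaintext + icv(plaintext)
    stream = rc4(iv + secret, len(body))       # RC4 seed = public IV || secret
    cipher = bytes(a ^ b for a, b in zip(body, stream))
    return iv + bytes([(key_id & 0x03) << 6]) + cipher   # IV travels in clear

def wep_decapsulate(secret: bytes, frame_body: bytes) -> bytes:
    iv, cipher = frame_body[:3], frame_body[4:]
    stream = rc4(iv + secret, len(cipher))
    body = bytes(a ^ b for a, b in zip(cipher, stream))
    plaintext, got = body[:-4], body[-4:]
    if got != icv(plaintext):
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return plaintext

if __name__ == "__main__":
    secret = bytes(range(1, 14))               # constructed 13-byte sample key
    frame = wep_encapsulate(secret, b"\x00\x00\x01", b"constructed payload")
    print(key_bits(secret), frame[:3].hex(), wep_decapsulate(secret, frame))
```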