| Paul on 9 Nov 2004 11:18:02 -0000 |
|
It seems that WPA-PSK (Wi-Fi Protected Access, Pre-Shared Key) is a good first step toward WPA-RADIUS. Although WPA-PSK has two possible vulnerabilities, it is easier to implement and is more secure compared to WEP. Both vulnerabilities that I'm thinking of are due to the PSK part. First, the PSK or passphrase might fall into the wrong hands. Second, a brute-force attack could be used to guess the passphrase. Just like handling login passwords, changing the passphrase routinely and choosing a less predictable phrase will help a lot. Getting my test setup to work with a WRT54GS router, a "classic" ORiNOCO Gold 11b card, and WinXP was very simple. Router config: Security Mode: WPA Pre-Shared Key WPA Algorithms: TKIP WPA Shared Key: something XP client config: Downloaded the latest ORiNOCO device driver. Installed a free WPA Supplicant.* (Q815485_WXP_SP2_x86_ENU.exe) Network Authentication: WPA-PSK Data encryption: TKIP Network key: something * A Supplicant is basically client software used to communicate with the authentication server. That's it. Pretty simple. As far as other OSes go, I know Linux has Supplicants available and I read the following about OS X: "WPA support with supplicant will be included in Mac OS X version 10.3 ("Panther") that will ship by the end of 2003." The next step is to switch to WPA-RADIUS using the FreeRADIUS server. Also, I'm thinking that using a RADIUS server for wired network authentication might be nice, too. Or am I getting carried away with this RADIUS stuff? ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|