Paul on 9 Nov 2004 11:18:02 -0000



[PLUG] Revisited, Large Wireless Network on the Cheap


It seems that WPA-PSK (Wi-Fi Protected Access, Pre-Shared Key) is a good first step toward WPA-RADIUS.

Although WPA-PSK has two possible vulnerabilities, it is easier to implement and is more secure compared to WEP. Both vulnerabilities that I'm thinking of are due to the PSK part. First, the PSK or passphrase might fall into the wrong hands. Second, a brute-force attack could be used to guess the passphrase. Just like handling login passwords, changing the passphrase routinely and choosing a less predictable phrase will help a lot.

Getting my test setup to work with a WRT54GS router, a "classic" ORiNOCO Gold 11b card, and WinXP was very simple.

Router config:
Security Mode: WPA Pre-Shared Key
WPA Algorithms: TKIP
WPA Shared Key: something

XP client config:
Downloaded the latest ORiNOCO device driver.
Installed a free WPA Supplicant.* (Q815485_WXP_SP2_x86_ENU.exe)
Network Authentication: WPA-PSK
Data encryption: TKIP
Network key: something

* A Supplicant is basically client software used to communicate with the authentication server.

That's it.  Pretty simple.

As far as other OSes go, I know Linux has Supplicants available and I read the following about OS X: "WPA support with supplicant will be included in Mac OS X version 10.3 ("Panther") that will ship by the end of 2003."

The next step is to switch to WPA-RADIUS using the FreeRADIUS server. Also, I'm thinking that using a RADIUS server for wired network authentication might be nice, too. Or am I getting carried away with this RADIUS stuff?

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
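
Added example, not part of the original post: the message above names passphrase guessing and passphrase disclosure as the two weak points of WPA-PSK and suggests routine rotation with a less predictable phrase. The Python sketch below shows why, since the 256-bit key is derived from nothing but the passphrase and the SSID, and it generates a random replacement passphrase. The 62-character alphabet, the 20-character default and the SSID `example-net` are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, assumed policy


def validate_passphrase(passphrase: str) -> None:
    """WPA passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_passphrase(length: int = 20) -> str:
    """Random passphrase from the OS CSPRNG, for routine rotation."""
    passphrase = "".join(secrets.choice(ALPHABET) for _ in range(length))
    validate_passphrase(passphrase)
    return passphrase


if __name__ == "__main__":
    # Constructed comparison: a short lowercase word vs. a generated passphrase.
    print("8 lowercase letters: %.0f bits" % entropy_bits(8, 26))
    print("20 random alnum:     %.0f bits" % entropy_bits(20, len(ALPHABET)))
    new = generate_passphrase()
    print("new passphrase:", new)
    print("PSK for SSID 'example-net':", derive_psk(new, "example-net").hex())
```

Because the SSID is the only salt, two networks with the same SSID and passphrase share the same key, so a rotated passphrase should be unique per network.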