RE: [MLUG] Plain text wep key?

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
To: "McIntosh, Jason W." <EMAIL:PROTECTED>
Subject: RE: [MLUG] Plain text wep key?
From: "Harris, Michael C." <EMAIL:PROTECTED>
Date: Tue, 5 Apr 2005 16:59:27 -0500
Cc: MLUG Members <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED
Thread-index: AcU6AurPmE8U1BS8QOCeDKNEmCU/OAAJtnKA
Thread-topic: [MLUG] Plain text wep key?
802.11a is up at 5ghz instead of 2.4 which allows more channels for better coverage in larger enterprises without overlap and hidden channel problems.  possibly more bandwidth at that frequency but there is not as much development going on there into compression and other bandwidth basically feature development is not as aggressive there.

802.11a is used regularly for point to point bridges & links.  Much of the industrial gear is a one off of 802.11a as well

Mike 

------------------------------------
Mike Harris
System Security Analyst & Instructor
University Of Missouri Health Center
EMAIL:PROTECTED  KCØPAH
------------------------------------


-----Original Message-----
From: EMAIL:PROTECTED [mailto:EMAIL:PROTECTED] On Behalf Of Jason McIntosh
Sent: Tuesday, April 05, 2005 12:14 PM
To: MLUG Members
Subject: Re: [MLUG] Plain text wep key?

Hmm, with the 802.11a stuff, thought it was much slower and shorter range than the 802.11g?  Wasn't it 802.11i or something like that that was going to use the same band as 802.11a, but add security and range as well as speed?
Jason

/--------------------------------------|---------------------------\
| Jason McIntosh                       | CELL: 573-424-7612        |
| Webmaster, thinker, Programmer, etc. | WORK: 573-884-3865        |
| http://poetshome.com/                |                           |
|------------------------------------------------------------------|
|"How should I know if it works?  That's what beta testers are     |
|for.  I only coded it."                                           |
|(Attributed to Linus Torvalds, somewhere in a posting)            |
\--------------------------------------|---------------------------/
GnuPG Key:  
http://poetshome.com/about/jmcintosh_mlug.missouri.edu.gpgkey
On Apr 5, 2005, at 12:07 PM, McNutt, Justin M. wrote:

>> Hmm, ok, have to ask here Justin - I remember a study a little while 
>> back, I believe it was on tomshardware.com, where they compared the 
>> "enterprise" class access points to the standard consumer versions, 
>> and found that the consumer versions performance wise, load wise, 
>> etc. blew the enterprise versions away.
>> http://www.tomsnetworking.com/Sections-article87-page1.php
>
> Except that, from personal experience, the consumer-class APs fail in 
> these four ways:
>
> 1)  Tend to not support a/b/g (b/g sure, but a/b/g less often).
>
> 2)  Are not manageable via SNMP and/or by a central management server.
>
> 3)  Have shorter mean time between failures.
>
> 4)  Tend to not have *secure* management.
>
> The management thing is really the biggest deal.  If you deploy 10 
> APs, you don't mind hitting them all from the Web from time to time to 
> make changes.  When you deploy 500 of them, however, it's a much 
> bigger deal.
>
>> Another question related to this - what do you think of the Apple 
>> Airport base stations?  Those seemed like really nice AP's to me.  
>> The management side anyways seemed close to enterprise grade AP's 
>> with the functionality they provide.
>
> I haven't had a chance to play with one, myself (and there's enough 
> R&D going on around here all the time that I'm not likely to), but I 
> haven't heard of any complaints from anyone using one.
>
>> On another thought/note - couldn't you use something like Radius 
>> authentication with most access points right now?  What's the 
>> advantage/disadvantage to using such a system?  How does RADIUS then 
>> work with the wireless network - does it use it to generate a WEP 
>> key, or something else funky, or is it authorization then you have to 
>> login?
>
> I assume we're talking about EAP here, since that's the only case 
> where RADIUS is involved in network access...
>
> RADIUS never provides WEP keys (or I should say, "shouldn't").  RADIUS 
> can authenticate the user, can authorize (or not) a user to use the 
> network, and in some cases can provide things like VLAN IDs and other 
> configuration information to the AP or switch.  However, w.r.t. WEP, 
> it's best to let the client and the AP negotiate the rotating WEP keys 
> and leave RADIUS out of it.
>
> I'm actually reading an article about the various EAP methods right 
> now, and none of them are very pretty.  Even the best two (EAP-TTLS 
> and PEAP) are subject to man-in-the-middle attacks.
>
>> Something I'd noticed another campus doing was actually restricting 
>> your machine from accessing the network till you went to a page, 
>> logged in with your account, and got authorized to connect.  I 
>> believe, at a guess, that it was adding the Mac address to DHCP, or 
>> something else, but I'm curious as to a) why not do something like 
>> this on the wireless access points on campus, and b) how exactly 
>> someone does something like this - simple dhcp redirects?  MAC 
>> address filtering of some sort?
>
> (MAC in this context is capitalized.  "Mac" is a computer.  "MAC" is 
> an address.)
>
> We're working on that.  In fact, it's already implemented in the res 
> hall network.
>
> There are several ways to accomplish this.  The way we're doing it 
> (via DHCP and DNS) works, but I don't like it.  The best way to do it 
> isn't really practical (an in-line device that acts as your default
> gateway) because we have higher bandwidth requirements than are 
> supported by most such devices.
>
> We're ultimately going to build a hybrid system.  Unregistered?  DHCP 
> gives you an address and a gateway that sends you though the portal.
> Registered?  DHCP gives you an address and a gateway that lets you get 
> to anything you want.  DHCP decides by MAC address how to handle 
> things (an ACL, rather than a filter).
>
> It's still defeatable in the short term - since you could configure 
> your machine with a 'seen' registered MAC and/or just hard code in 
> your IP and mask - but there are ways to detect people who defeat it, 
> especially in the second case.
>
>> Some other questions - I see a lot of advertisements for 802.11a, but 
>> I don't know if I've ever seen a device which actually uses it.  What 
>> the heck does?  Any reason to support it, considering how uncommon it 
>> is?
>> Thanks!
>
> Personally, I think wireless networking is going to move away from the 
> 2.4GHz band and toward 802.11a (5.8GHz) because there are so many 
> 2.4GHz devices messing up the 2.4 band.  802.11b clients slow 
> everything down.  Microwave ovens and 2.4GHz phones wreak havoc with 
> your signal, etc.
>
> As for what uses that band, a lot of laptops are coming with a/b/g 
> NICs nowadays.  There aren't a lot of 802.11a networks yet, but I 
> predict there will be.  We're working on getting 802.11a enabled on 
> our gear, hopefully this summer.  The current Nortel stuff supports 
> it, but we haven't enabled it yet due to coverage issues (IIRC).
>
> --J
>
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Prev by Date: [MLUG] Oracle issue driving me NUTS
Next by Date: Re: [MLUG] COIN + Kinternet
Previous by thread: Re: [MLUG] Plain text wep key?
Next by thread: RE: [MLUG] Plain text wep key?
Index(es):
- Date
- Thread