[NBLUG/talk] WiFi revisited

Lincoln Peters sampln at sbcglobal.net
Mon Jun 7 12:03:03 PDT 2004


On Mon, 2004-06-07 at 11:36, Coy Thorp wrote:
> Your most secure wireless implementation, of your choices, would be WPA w/
> RADIUS.  Pre-shared keys are good, but RADIUS requires a username and a
> password.  It also depends on what level of WPA you are doing.  WEP
> w/dynamic keys?  TKIP?  AES?  I recommend either TKIP or AES, as
> man-in-the-middle attacks on WEP are highly successful, and not too
> difficult to do.  One other level of authentication is to create certs for
> your clients and your wireless devices (highly recommended).  You can do
> this with a local cert server (OpenSSL works great), or you can pay out the
> nose for an outside authority.  Your choice. :)

Sounds good, but it raises some additional questions:

1. It looks like I would need to set up an external RADIUS server. 
Looking at the "apt" repository for Debian/unstable, I can see several
different implementations to choose from:
  a. freeradius
  b. radius-cistron
  c. radius-livingston
  d. xtradius
  e. yardradius
Does anyone have experience with any of these RADIUS servers?  Any
recommendations?  Recommended literature?

2. What do I need to do to make a client box running Debian/unstable
support the RADIUS protocol?

3. The router is capable of using either TKIP or AES, exactly the two
protocols you recommended.  Are there any advantages or disadvantages to
using one rather than the other?

---
Lincoln Peters
<sampln at sbcglobal.net>

To err is human, to forgive is against company policy.




