[NBLUG/talk] WiFi revisited
Lincoln Peters
sampln at sbcglobal.net
Mon Jun 7 12:03:03 PDT 2004
On Mon, 2004-06-07 at 11:36, Coy Thorp wrote:
> Your most secure Wireless implementation, of your choices, would be WPA w/
> Radius. Pre-shared keys are good, but radius requires a username and a
> password. It also depends on what level of WPA you are doing. WEP
> w/dynamic keys? TKIP? AES? I recommend either TKIP or AES, as
> man-in-the-middle attacks on WEP are highly successful, and not too
> difficult to do. One other level of authentication is to create certs for
> your clients and your wireless devices (highly recommended). You can do
> this with a local cert server (openSSL works great), or you can pay out the
> nose for an outside authority. Your choice. :)
Sounds good, but it raises some additional questions:
1. It looks like I would need to set up an external RADIUS server.
Looking at the "apt" repository for Debian/unstable, I can see several
different implementations to choose from:
a. freeradius
b. radius-cistron
c. radius-livingston
d. xtradius
e. yardradius
Does anyone have experience with any of these RADIUS servers? Any
recommendations? Recommended literature?
2. What do I need to do to make a client box running Debian/unstable
support the RADIUS protocol?
3. The router is capable of using either TKIP or AES; exactly the two
protocols you recommended. Are there any advantages or disadvantages to
using one rather than the other?
---
Lincoln Peters
<sampln at sbcglobal.net>
To err is human, to forgive is against company policy.
More information about the talk
mailing list