NetStumbler.org Forums

Go Back   NetStumbler.org Forums > WiFi Forums > Hardware
Reload this Page new question for the masses
Register Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 09-01-2005   #1 (permalink)
Starpoint
Pr0nStumbler Expert Level
 
Starpoint's Avatar
 
Join Date: Apr 2003
Location: Houston
Posts: 2,536
new question for the masses
I have seen software packages where one can set up a Radius type authentication server for wifi users but have never poked around with them much (maybe I need to try one on a scratchbox).

My question is this: Is there such wireless gear (AP's) that can be set up over a large area to give a good wifi footprint using multiple AP's but yet all use 1 common authentication server for MAC filtering?

I am asking because a friend of mine's company is thinking about doing wireless so I did a quick consulting job for them at his request (made a few bucks) and told them that unless they are willing to make it secure, it will be more of a network risk than posting the admin password in the lobby.

I told them that most your AP's support 128 bit WEP, WPA is better, then you have LEAP from Cisco which I found out that airlink card does(calls it CCX) but having a MAC filter is a must so that even if someone gets the WEP/WPA info, they still cannot associate with the AP.

I know there is some gear out there that has multiple antenna's that you can run about 100-200 feet away from the base unit, that might work.
__________________
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...

Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states
Starpoint is offline   Reply With Quote
Old 09-01-2005   #2 (permalink)
MikeP928
Heeere's your sign!
 
MikeP928's Avatar
 
Join Date: May 2002
Location: Mexico Beach, FL
Posts: 1,169
If your APs support 802.1X, you can set up a radius server and do MAC authentication. Digital Canopy in downtown Tallahassee uses this technique. The production server is Funk's Steel-Belted Radius.

You can pick up some basic freeware radius servers that run on Windoze to do quick testing. Undocumented tip: Crisco APs have to have the MAC addy in the userid and password fields. Don't ask how much fun it was to learn that.

MikeP
__________________
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
-- Benjamin Franklin, 1759
MikeP928 is offline   Reply With Quote
Old 09-01-2005   #3 (permalink)
Starpoint
Pr0nStumbler Expert Level
 
Starpoint's Avatar
 
Join Date: Apr 2003
Location: Houston
Posts: 2,536
Quote:
Originally Posted by MikeP928
If your APs support 802.1X, you can set up a radius server and do MAC authentication. Digital Canopy in downtown Tallahassee uses this technique. The production server is Funk's Steel-Belted Radius.

You can pick up some basic freeware radius servers that run on Windoze to do quick testing. Undocumented tip: Crisco APs have to have the MAC addy in the userid and password fields. Don't ask how much fun it was to learn that.

MikeP
I have a copy of Funk's Steel Belted Radius.. hmmm might need to spawn up a machine.

thanks
__________________
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...

Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states
Starpoint is offline   Reply With Quote
Old 09-01-2005   #4 (permalink)
Roy_M
Registered Member
 
Join Date: Jun 2005
Posts: 72
Quote:
Originally Posted by Starpoint
I have seen software packages where one can set up a Radius type authentication server for wifi users but have never poked around with them much (maybe I need to try one on a scratchbox).

My question is this: Is there such wireless gear (AP's) that can be set up over a large area to give a good wifi footprint using multiple AP's but yet all use 1 common authentication server for MAC filtering?
All good (Cisco, Enterasys etc) AP's will do this using the 802.1X protocol. Which will allow authentication over the distributed system via a RADIUS server. I'm not sure if they will do MAC filtering.

But if you're security conscious MAC filtering is useless. If an attacker can break your WPA(TKIP) security they will have no problem sniffing and stealing a MAC address. MAC filtering is about as useless as preventing SSID broadcasts.

Quote:
Originally Posted by Starpoint
I told them that most your AP's support 128 bit WEP, WPA is better, then you have LEAP from Cisco which I found out that airlink card does(calls it CCX) but having a MAC filter is a must so that even if someone gets the WEP/WPA info, they still cannot associate with the AP.
As someone on these forums is known for, LEAP is as insecure and in someways moreso than WEP and it will require Cisco AP's

Quote:
Originally Posted by Starpoint
I know there is some gear out there that has multiple antenna's that you can run about 100-200 feet away from the base unit, that might work.
Im pretty sure most gear will do this.
Roy_M is offline   Reply With Quote
Reply

« Question for the Masses | New Senao 200mW USB? »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Google
 
Web NetStumbler.org

All times are GMT -7. The time now is 08:51 PM.

Contact Us - NetStumbler.org - NetStumbler.com - Online Backup - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0 ©2007, Crawlability, Inc.


All messages express the views of the author and are for entertainment purposes only. Netstumbler.org cannot be held responsible for the authenticity of the content or the actions of its members. By using this site and its services, you warrant that you will not post any messages that are discriminating, obscene, hateful, threatening, or otherwise violates any laws and you release Netstumbler.org from any future claims of any kind whatsoever including, but not limited to, addiction and loss of productivity. All forum messages, private messages and any other content are properties of Netstumbler.org. Even if publicly available, personal or copyrighted information are not to be posted without the consent of the owner. Distribution of licensed and copyrighted materials in any way not endorsed by the copyright owner is strictly prohibited. You may not use this site and its resources to spam other sites or individuals or perform any action that violates any law. Items sold or bought in the For Sale forum are sold as is and no warranty or insurance of any kind is provided. Netstumbler.org cannot be held responsible for the outcome of any transactions and no warranty of any kind is provided, either express or implied. Vulgar words are not allowed in the subject lines ; they may be used in the message body in any forum. The Administrator, Super Moderators and Moderators of Netstumbler.org have the right to remove, edit, move or close any thread for any reason and to reveal your identity and other known information in the event of a complaint or legal action arising from any message posted by you.