Slashdot Mirror

← Back to Stories (view on slashdot.org)

Responsible Wireless Access For Your Access Point

Posted by ryuzaki0 on from the accessability-and-sanity dept.

bgood writes: "O'Reilly Network has an interesting article on authentication for wireless networks. The author discusses both the technical aspects, specifically NoCatAuth, and the overall context of why someone would choose (or not choose) to monitor or track the use of their wireless network. While geared towards network neighborhoods, the article definitely has applicability in more formal settings."

7 of 64 comments (clear)

  1. What would be nice by Space+Coyote · · Score: 5, Interesting

    ... would be if you could easily set aside a certain percentage of your bandwidth (say 10-15%) for use by other people, and more if its available. That way you aren't taking a backseat to freeloaders on your own network, but you also aren't curring people off whenever you start a big, bandwidth-heavy transfer.

    --
    ___
    Cogito cogito, ergo cogito sum.
    1. Re:What would be nice by rockwood · · Score: 2, Interesting

      That would be nice!

      Specifically allowing businesses and residents to allocate percentages of their bandwidth to opposing buildings/households and reducing their own costs. Possibly even allowing passing motorists with roaming uplinks to their own central servers.

      I haven't crunched actual numbers, but I can only guess that that would allow for everyone to have wireless access for an extremely nominal fee and provide the ability for additional redundancy.

      Though I don't beleive I'd ever totally do away with a hard line (whether it be phone or cable)

      --
      Never try to beat a professional at his own game!
    2. Re:What would be nice by vanguard · · Score: 3, Interesting

      That's pretty much what I do. It more or less happens naturally. I've made a decision to secure my network from the Internet but not from my neighbors. If I ever get burned by that (unlikely in my little suburban cul-de-sac) I'll change the policy.

      As for giving them only 10% of my network, just be being 100 feet or so (~30 meters) from the access point they can only get about 1 Mbs from the next house over.

      I can see that nobody has ever logged on but in my dreams most of the neighborhood starts providing wireless access and the entire subdivision is wireless and broadband. I'll bring a laptop to the pool and they'll bring a laptop to the basketball hoop down the street. (Ok, it's a weak dream but it seems neat to me)

      --
      That which does not kill me only makes me whinier
    3. Re:What would be nice by GC · · Score: 4, Interesting

      Exactly - my (Wireless) network is open, but it's users are protected from the Internet. All my terrestial hosts on the same network are tied down with ssh and passwords except for the services that can be accessed from the Internet anyway.

      I actually like it - I'm not making any bandwidth limitations as yet, simply because I haven't noticed any problems.

      The Internet access is DSL 512kbps down/256kbps up.

      I wonder how many other people are giving this service? Is there anyway to advertise it? I'm relying on word-of-mouth, it's probably better that way :-)

      If bandwidth or security become a problem I'll get a third interface on the firewall and throttle them down whilst locking them out of my wires network.

  2. A registered SSL certificate? by imrdkl · · Score: 4, Interesting
    The article claims that neighbors only need trust the "auth system". Seems to me that a group of neighbors would only need to agree on the authority of an self-issued root certificate, and let trust grow from there.

    Otoh, any marketing folks from Verisign reading here? Could be a whole new niche...

    NeighborCert (tm)

  3. A combination of crypto and validation techniques by imrdkl · · Score: 4, Interesting
    The basic protocol:
    • All clients get immediete dhcp lease with minimal bandwidth from local gateway
    • client optionally posts credentials via SSL to auth service (using server SSL, no client cert required, although this could save steps)
    • auth service sends PGP-encrypted credentials in a message to local gateway
    • local gateway decrypts and validates data from master and matches to client credentials
    • client is upgraded with more bandwidth, or other goodies (if he's neighborly :-)
    All in all, sounds like a cool perl script to me!
  4. Hacking wireless networks by Kiro · · Score: 5, Interesting

    Hello. I might be considered an "insider" in this field. I work at a semi-large ISP where we provide wireless connectivity using BreezeCom network equiptment. Employing large (from 9-24 inch) antennas, and uni-and omni-directional antennas mounted on prominent structures, we are able to send up to 3Mb/s to hosts.
    The security here is terrible. We use no authentication via radius or any other method. Anyone with a 802.11 network card, and a sufficient antenna could steal connectivity, and we could not currently tell.
    There exists ways to detect this, by monitering the MAC addresses connecting to the APs on the towers, but this is not employed. Neither is each radio catalogued, and IPs, for the most part, are assigned by the DHCP server with no logging.
    I do not know if this is typical of most wireless companies, but if it is, then things should be ripe for the taking. I'm posting anonymously, because my company has a history of firing and suing for less

    .