Slashdot Mirror


Responsible Wireless Access For Your Access Point

bgood writes: "O'Reilly Network has an interesting article on authentication for wireless networks. The author discusses both the technical aspects, specifically NoCatAuth, and the overall context of why someone would choose (or not choose) to monitor or track the use of their wireless network. While geared towards network neighborhoods, the article definitely has applicability in more formal settings."

10 of 64 comments

  1. What would be nice by Space+Coyote · · Score: 5, Interesting

    ... would be if you could easily set aside a certain percentage of your bandwidth (say 10-15%) for use by other people, and more if it's available. That way you aren't taking a backseat to freeloaders on your own network, but you also aren't cutting people off whenever you start a big, bandwidth-heavy transfer.

    --
    ___
    Cogito cogito, ergo cogito sum.
    1. Re:What would be nice by vanguard · · Score: 3, Interesting

      That's pretty much what I do. It more or less happens naturally. I've made a decision to secure my network from the Internet but not from my neighbors. If I ever get burned by that (unlikely in my little suburban cul-de-sac) I'll change the policy.

      As for giving them only 10% of my network, just by being 100 feet or so (~30 meters) from the access point they can only get about 1 Mbs from the next house over.

      I can see that nobody has ever logged on but in my dreams most of the neighborhood starts providing wireless access and the entire subdivision is wireless and broadband. I'll bring a laptop to the pool and they'll bring a laptop to the basketball hoop down the street. (Ok, it's a weak dream but it seems neat to me)

      --
      That which does not kill me only makes me whinier
    2. Re:What would be nice by GC · · Score: 4, Interesting

      Exactly - my (Wireless) network is open, but its users are protected from the Internet. All my terrestrial hosts on the same network are tied down with ssh and passwords except for the services that can be accessed from the Internet anyway.

      I actually like it - I'm not making any bandwidth limitations as yet, simply because I haven't noticed any problems.

      The Internet access is DSL 512kbps down/256kbps up.

      I wonder how many other people are giving this service? Is there any way to advertise it? I'm relying on word-of-mouth, it's probably better that way :-)

      If bandwidth or security become a problem I'll get a third interface on the firewall and throttle them down whilst locking them out of my wired network.

  2. A registered SSL certificate? by imrdkl · · Score: 4, Interesting
    The article claims that neighbors only need trust the "auth system". Seems to me that a group of neighbors would only need to agree on the authority of a self-issued root certificate, and let trust grow from there.

    Otoh, any marketing folks from Verisign reading here? Could be a whole new niche...

    NeighborCert (tm)

  3. Re:What would also be nice by morcheeba · · Score: 3, Insightful

    I would gladly open up my wireless network, but the firewall/switch/access point puts the wireless network on my side of the firewall. That kind of defeats the whole purpose of the firewall - Sure it's secure from 99.999% of the internet, but people can get in via wireless. Ideally, I'd like to manage the rules between the wireless part and my wired desktop computer, but I guess that would require the purchase of a real firewall. It's a shame; it would just take a little more software!!

  4. A combination of crypto and validation techniques by imrdkl · · Score: 4, Interesting
    The basic protocol:
    • All clients get immediate dhcp lease with minimal bandwidth from local gateway
    • client optionally posts credentials via SSL to auth service (using server SSL, no client cert required, although this could save steps)
    • auth service sends PGP-encrypted credentials in a message to local gateway
    • local gateway decrypts and validates data from master and matches to client credentials
    • client is upgraded with more bandwidth, or other goodies (if he's neighborly :-)
    All in all, sounds like a cool perl script to me!
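
The gateway's side of the flow outlined in the comment above, as an added example that is not the commenter's code and not NoCatAuth's. Assumptions: HMAC-SHA256 over a shared key stands in for the PGP protection so the block runs on the standard library alone, and the names `sign_grant`, `Gateway` and the class labels are hypothetical. It also adds a freshness window and a replay guard, which the outline does not mention.

```python
import hashlib
import hmac
import json
import time

# Assumption: key shared by auth service and gateway (stand-in for PGP keys).
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 60  # seconds a grant message stays acceptable

def sign_grant(user, mac, klass, now, nonce, key=SHARED_KEY):
    """Auth-service side: emit a tagged grant after the SSL login succeeds."""
    body = json.dumps({"user": user, "mac": mac.lower(), "class": klass,
                       "ts": now, "nonce": nonce}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

class Gateway:
    """Gateway side: every lease starts in the minimal-bandwidth class."""
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.leases = {}   # mac -> bandwidth class
        self.seen = set()  # nonces already honoured (replay guard)

    def dhcp_lease(self, mac):
        self.leases[mac.lower()] = "minimal"

    def apply_grant(self, body, tag, now):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"        # not from the auth service
        grant = json.loads(body)
        if abs(now - grant["ts"]) > MAX_AGE:
            return "rejected: stale"
        if grant["nonce"] in self.seen:
            return "rejected: replay"
        if grant["mac"] not in self.leases:
            return "rejected: no lease for that MAC"
        self.seen.add(grant["nonce"])
        # The MAC only selects which lease to upgrade; it is not proof of
        # identity, since a client can present any MAC it likes.
        self.leases[grant["mac"]] = grant["class"]
        return "upgraded"

if __name__ == "__main__":
    gw = Gateway()
    gw.dhcp_lease("02:00:00:00:00:01")  # constructed client MAC
    body, tag = sign_grant("alice", "02:00:00:00:00:01", "member",
                           time.time(), "n1")
    print(gw.apply_grant(body, tag, time.time()), gw.leases)
```
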
  5. Re:auth? by Falsch+Freiheit · · Score: 4, Informative

    No, MAC address based firewall rules won't solve the security problem, either. They'll raise the barrier slightly, but it's fairly easy with most 802.11b cards (and with regular Ethernet cards, for that matter) to use a different MAC address than the one assigned to your device. Under Linux it's "ifconfig eth0 hw ether [new MAC address here]". Not nearly difficult enough.

  6. Requires HTTP and a human by Animats · · Score: 3, Insightful

    Something that requires the use of HTTP and human intervention just to get IP-level access is no good. Your laptop can't connect itself up and poll for mail without manual intervention. Back to the drawing board.

  7. Hacking wireless networks by Kiro · · Score: 5, Interesting

    Hello. I might be considered an "insider" in this field. I work at a semi-large ISP where we provide wireless connectivity using BreezeCom network equipment. Employing large (from 9-24 inch) antennas, and uni- and omni-directional antennas mounted on prominent structures, we are able to send up to 3Mb/s to hosts.
    The security here is terrible. We use no authentication via radius or any other method. Anyone with an 802.11 network card, and a sufficient antenna could steal connectivity, and we could not currently tell.
    There exist ways to detect this, by monitoring the MAC addresses connecting to the APs on the towers, but this is not employed. Neither is each radio catalogued, and IPs, for the most part, are assigned by the DHCP server with no logging.
    I do not know if this is typical of most wireless companies, but if it is, then things should be ripe for the taking. I'm posting anonymously, because my company has a history of firing and suing for less.
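
The monitoring that the comment above says is not in place, sketched as an added example that is not part of the original post. It checks AP association records against a catalogue of customer radios. The log format, MAC addresses, AP names and the 300-second window are all constructed, and it assumes fixed customer radios should not appear on two towers in quick succession.

```python
from collections import defaultdict

# Constructed inventory of customer radios (MAC -> customer id).
CATALOG = {"02:00:00:00:00:01": "cust-17", "02:00:00:00:00:02": "cust-42"}

# Constructed association log, hypothetical format: "<epoch> <ap> ASSOC <mac>"
LOG = """\
1000 tower-a ASSOC 02:00:00:00:00:01
1005 tower-a ASSOC 02:00:00:00:00:02
1010 tower-b ASSOC 02:00:00:00:FF:01
1020 tower-b ASSOC 02:00:00:00:00:01
bogus line
"""

def parse(log):
    """Yield (timestamp, ap, mac) for well-formed records; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "ASSOC" and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[3].lower()

def audit(log, catalog, window=300):
    """Return (uncatalogued MACs with the APs they used, suspicious moves)."""
    unknown = defaultdict(set)  # mac -> APs it associated with
    last = {}                   # catalogued mac -> (timestamp, ap)
    moved = []                  # (mac, previous ap, new ap)
    for ts, ap, mac in parse(log):
        if mac not in catalog:
            unknown[mac].add(ap)  # radio nobody issued
            continue
        prev = last.get(mac)
        # A fixed radio seen on a second tower within the window suggests
        # that its address is also in use somewhere else.
        if prev and prev[1] != ap and ts - prev[0] <= window:
            moved.append((mac, prev[1], ap))
        last[mac] = (ts, ap)
    return {m: sorted(a) for m, a in unknown.items()}, moved

if __name__ == "__main__":
    unknown, moved = audit(LOG, CATALOG)
    print("uncatalogued:", unknown)
    print("same MAC on two towers:", moved)
```
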

  8. Liability by Cato · · Score: 3, Insightful

    The biggest issue for freenets, IMO, is liability - if someone wanders past your access point and sends a huge amount of spam, or starts a DoS attack on remote sites, you may well find your ISP cuts off your access. In the worst case, you might be legally liable under various anti-spam or other laws.

    Just as ISPs have contracts with their customers, and authenticate them, it may end up being necessary to have contracts with your freenet users and to authenticate them. Of course, if they are friends it may be enough to just authenticate them... IANAL but something that indemnifies you against lawsuits etc would be very useful.

    This goes against the freenet ideal but unfortunately providing Internet access can be a legal minefield.