802.1X Security Overview

HJ Franzen writes "Ars Technica have what they call a wireless security blackpaper posted that's well worth a read. I wish this was available when I was spec'ing wireless VPN solutions for my campus. The article is pretty detailed and discusses the many ways in which companies are trying to address the fatal flaws in WEP."

Re:wep is a stupid idea

[Oculus+Habent]

You want wireless you're gonnna have to accept the freeloaders on your service.

I haven't played with any wireless base stations other than my AirPort, but I can limit MAC Addresses, as well. Sure, this doesn't work in an environment where many friends/clients will be accessing your network unexpectedly, but in a home/school where the number of new users is extremely limited or well-controlled, this can improve security quite substantially.

Sure, they can still sniff packets, and they can still break encryption, but it will be a sight harder for them to access your wired network/Internet connection.

Re:wep is a stupid idea

[WolfWithoutAClause]

whats the difference between an encrypted ack packet and a non enc'd one from a sniffing point of view not a one..

any key you could possible be using will get exposed through these very well documented and standardized packets.

short of non-reversable encs like md5 it is basically impossible to protect data if you know the before enc and after enc data on a common packet.

Nope. The best encryption techniques are proof against a 'known plaintext attack'; which is what you are talking about here. The code is not resolvable from the plaintext or the encrypted text or both together. Well, theoretically it is resolvable, but the amount of processing necessary to do it is completely beyond computational reach.

At best you might be able to guess from the context that it was an ack packet, but that's about it.