Slashdot Mirror


802.1X Security Overview

HJ Franzen writes "Ars Technica have what they call a wireless security blackpaper posted that's well worth a read. I wish this was available when I was spec'ing wireless VPN solutions for my campus. The article is pretty detailed and discusses the many ways in which companies are trying to address the fatal flaws in WEP."

4 of 98 comments

  1. For those of you who need some info on.... by karnal · · Score: 4, Informative

    how the current standard is broken, visit Tom's Hardware:

    http://www.tomshardware.com/network/02q3/020719/index.html

    They've got some good information on why 64/40 and 128-bit encryption isn't enough, as well as why the current "consumer-level" equipment can't do enough to thwart drive-bys.

    --
    Karnal
  2. personal security by Jacer · · Score: 5, Interesting

    I use a little "consumer level" access point/router with DHCP turned off, and a strong subnet mask (I'm talking 29 bits!). Then I filled up every IP address in the range by assigning multiple IP addresses to the adapter on my server.

    --
    --fetch daddy's blue fright wig, i must be handsome when i release my rage
  3. Re:SSID Security by Conspiracy+Theorist · · Score: 4, Informative

    Actually, most APs broadcast a few (or many) Beacon Frames every second rather than a Beacon every few seconds. But to your question, the client (whether authorized or unauthorized) needs the SSID to associate with an AP. Picking one that is difficult to guess and using an AP that can suppress the SSID in Beacon Frames makes it that much more difficult for an unauthorized client to associate with your AP.

  4. Re:wep is a stupid idea by Oculus+Habent · · Score: 5, Insightful
    You want wireless you're gonna have to accept the freeloaders on your service.

    I haven't played with any wireless base stations other than my AirPort, but I can limit MAC Addresses, as well. Sure, this doesn't work in an environment where many friends/clients will be accessing your network unexpectedly, but in a home/school where the number of new users is extremely limited or well-controlled, this can improve security quite substantially.

    Sure, they can still sniff packets, and they can still break encryption, but it will be a sight harder for them to access your wired network/Internet connection.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit