Re: [fw-wiz] Locking down public wireless access

From: Jim Seymour (jseymour_at_linxnet.com)
Date: 02/22/05

Next message: MHawkins_at_TULLIB.COM: "[fw-wiz] Username password VS hardware token plus PIN"

Previous message: Julian Gomez: "Re: [fw-wiz] i-cap proposals"
In reply to: Chris Bills: "[fw-wiz] Locking down public wireless access"
Next in thread: Kevin Sheldrake: "Re: [fw-wiz] Locking down public wireless access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Tue, 22 Feb 2005 09:55:22 -0500 (EST)

Chris Bills <billschr@gmail.com> wrote:
>
[snip]
>
> ideally, we would like to implement a system in which the user will
> connect to un-encrypted wireless, but any attempts to get out will be
> redirected to the authentication page. Once the user logs in, they
> will be given the WEP key of the day, and then they will have
> unrestricted access.

WEP is not secure. WEP keys can be broken in as little as minutes,
given sufficient traffic volume. Use WPA or WPA2.

>
> I'm investigating the usage of Linksys WRT45G routers, with a modified
> firmware, but I have no actual experience with this.
[snip]

The "stock" WRT54G firmware can do WPA-RADIUS, IIRC. I believe this is
what you want. WPA-PSK would be a PITA in your environment.
Particularly if you'll have more than one AP.

>
> If you have any suggestions for hardware, or existing documentation
> floating on the net about how to achieve this sort of setup, please
> let me know.

Here's a previous firewall-wizards reply:

http://seclists.org/lists/firewall-wizards/2004/Dec/0140.html

Here's a link to the LinkSys WRT54G product page, whence you can fetch
the user's manual:

http://www.linksys.com/products/product.asp?prid=601&scid=35

At home I'm using a WRT54G with WPA-PSK. At work the experimental
wireless network is using a NetGear FWAG114 with WPA-PSK. I'll be
converting the home WLAN to WPA-RADIUS in preparation for doing the
same at work.

Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: MHawkins_at_TULLIB.COM: "[fw-wiz] Username password VS hardware token plus PIN"

Previous message: Julian Gomez: "Re: [fw-wiz] i-cap proposals"
In reply to: Chris Bills: "[fw-wiz] Locking down public wireless access"
Next in thread: Kevin Sheldrake: "Re: [fw-wiz] Locking down public wireless access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Small RADIUS - WRT54G/GS
... > Yeah, it has a lot to do with their using open-source Linux, and ... Too bad the WRT54G V5 is going to a closed OS with no ... [.Snip F2 to F9.] ...
(alt.internet.wireless)
Re: ALERT: WPA isnt necessarily secure
... WPA-PSK is vulnerable to offline attack. ... WPA Cracker ...
(alt.internet.wireless)
Re: ALERT: WPA isnt necessarily secure
... WPA-PSK is vulnerable to offline attack. ... WPA Cracker ...
(alt.internet.wireless)