RE: [fw-wiz] Locking down public wireless access

From: John Adams (jna+dated+1109546999.6e3a90_at_retina.net)
Date: 02/23/05

  • Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Username password VS hardware token plus PIN"
    To: Mark Gumennik <mgumennik@mitre.org>
    Date: Tue, 22 Feb 2005 15:29:58 -0800 (PST)
    
    

    I think what you're looking for is nocatauth. Have a look:

    www.nocat.net

    -john

    On Tue, 22 Feb 2005, Mark Gumennik wrote:

    > Chris,
    > The way the wireless RFC is written:
    > - you can secure the data; you cannot secure the communication itself.
    > Your plan is adequate for today's technologies for a university environment,
    > but: user names and pwds can be easily spoofed on wireless com, you don't
    > even have to be a hacker for this: just use existing tools. I would not do
    > my banking on wireless; let your customers be aware of it.
    > Has somebody on the list actually written a policy on using wireless? If
    > yes, please send me a copy.
    > Mark
    >
    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Chris Bills
    > Sent: Saturday, February 19, 2005 1:31 PM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Locking down public wireless access
    >
    > At my university, the computer science department would like to offer
    > wireless access to computer science students, but would like the
    > access to not be anonymous. Current problems with unrestricted access
    > to the internet are obvious: anonymous kids downloading porn, movies,
    > mp3s, etc, and as the university allowed this to happen, they could be
    > held liable.
    >
    > Enforcing a logon policy would help limit the university's liability
    > in said situations.
    >
    > Ideally, we would like to implement a system in which the user will
    > connect to un-encrypted wireless, but any attempts to get out will be
    > redirected to the authentication page. Once the user logs in, they
    > will be given the WEP key of the day, and then they will have
    > unrestricted access.
    >
    > I'm investigating the usage of Linksys WRT45G routers, with a modified
    > firmware, but I have no actual experience with this. I would like to
    > look into other methods of doing this, as well, such as Perfigo (which
    > has now been acquired by Cisco)...
    >
    > If you have any suggestions for hardware, or existing documentation
    > floating on the net about how to achieve this sort of setup, please
    > let me know.
    >
    > Chris
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    -- 
    J. Adams					http://www.retina.net/~jna
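
The gateway behaviour described in the quoted request (redirect every outbound attempt until login, then allow), modelled as an added example that is not code from this thread or from NoCatAuth. The portal address, session lifetime and all names are assumptions; the login form is reachable only over HTTPS because of the concern raised above about credentials on unencrypted wireless.

```python
import time
from dataclasses import dataclass, field

PORTAL_IP = "10.0.0.1"      # assumed gateway / login host (constructed value)
SESSION_TTL = 8 * 3600      # assumed login lifetime in seconds

@dataclass
class Gateway:
    # (mac, ip) -> (username, expiry); ties traffic to a named account
    sessions: dict = field(default_factory=dict)

    def login(self, mac, ip, user, now=None):
        """Record a successful portal login for this client."""
        now = time.time() if now is None else now
        self.sessions[(mac, ip)] = (user, now + SESSION_TTL)

    def who(self, mac, ip, now=None):
        """Return the logged-in user for a client, or None if absent or expired."""
        now = time.time() if now is None else now
        entry = self.sessions.get((mac, ip))
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self.sessions[(mac, ip)]    # expired: force re-authentication
            return None
        return user

    def decide(self, mac, ip, dst_ip, proto, dport, now=None):
        """Return (action, user) for one outbound packet from a wireless client."""
        user = self.who(mac, ip, now)
        if user is not None:
            return ("ACCEPT", user)         # attributable, no longer anonymous
        if dst_ip == PORTAL_IP and (proto, dport) in {("udp", 53), ("tcp", 443)}:
            return ("ACCEPT", None)         # gateway resolver and TLS login only
        if proto == "tcp" and dport == 80:
            return ("REDIRECT", None)       # send the browser to the login page
        return ("DROP", None)               # nothing else leaves before login
```

Logging the `(action, user)` pair per flow gives the per-user accountability the request asks for; the pre-login rules deliberately allow DNS only to the gateway's own resolver.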
    
