State of wireless in KC?
Gerald Combs
gerald at ethereal.com
Thu Aug 1 14:14:16 CDT 2002
On Wed, 31 Jul 2002 crash3m at trelane.net wrote:
> I've been
> searching for ways to force users to authenticate, use encryption, or
> login by some means that would allow me to regulate who connects. I've
> pretty much hit a brick wall as just about everything I've come up with
> in light says '40bit web is insecure' well duh...
So don't use WEP. :) AFAIK, there are three avenues for providing
secure, authenticated wireless:
1) Use all-Cisco gear. The entire Aironet line supports LEAP
(Lightweight Extensible Authentication Protocol), which is their
proposed replacement for WEP. This is by far the easiest solution to
implement, but it's also the most expensive. It also locks you into
a single vendor, at least until other people start supporing LEAP.
2) Use IPSec. Set up the network so that in order to get to the
Internet you have to authenticate against and tunnel through an
IPSec gateway. This is certainly cheaper, but more labor-intensive.
3) Wait six months. By then, most manufacturers should support either
LEAP or EAP-TLS (which is Agere/Orinoco's proposed solution, which
they're still working on).
More information about the Kclug
mailing list