Re: Security. WPA?/-TKIP /-CCMP

On Fri, 5 Dec 2008 10:09:36 -0800 (PST), Chrisjoy
<ultralibertarianer@xxxxxxxxx> wrote:

On 5 Des, 18:25, Jeff Liebermann <je...@xxxxxxxxxx> wrote:
Much good info, Jeff. Let me ask one question one more time.

I don't need authentification. I welcome everyone inside my field
strength to use my net. My primarly (/only) concern is that the guests
at my wireless lan are protected against each other. Protected from
sniffing. Will a Radius Server make sure every connection to the
access point will use a unique AES key?

Yes. The RADIUS server delivers a one time unique WPA/WPA2 key for
each user and for each session.

From your description, it seems that you want to run a public hotspot
on a corporate LAN. That's fine as long as you do something to keep
the traffic seperate. I'll stand on my comments that this is a dumb
thing to do and that you should reconsider your approach. At the very
least, keep the two systems seperate.

It might be helpful to read the FAQ:
<http://wireless.navas.us/wiki/Wi-Fi_How_To#WPA.2FWPA2>
Note that the ZyXEL G-2000 Plus has a built in RADIUS server with PEAP
authentication.

There are some free and for-pay RADIUS server on the internet which
you can use for testing. I'm late for a meeting and need to run.
Maybe later. This article has some references:
<http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1167675,00.html>
It also explains how the unique encryption key is created and
delivered.

Also, you might need authentication if you're running RADIUS. This
might help:
<http://articles.techrepublic.com.com/5100-10878_11-6148560.html>

--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.

Relevant Pages