[brlug-general] Wireless security (Not specifically Linux-related)
Joe Fruchey
jfruchey at gmail.com
Tue Apr 3 17:15:58 CDT 2007
Stupid question: Is the 'x' in 802.1x a placeholder/variable, or is it
analogous to the letters in 802.11a/b/g/n?
On 4/3/07, -ray <ray at ops.selu.edu> wrote:
> On Tue, 3 Apr 2007, Joe Fruchey wrote:
>
> > MAC-based? How is that any better than just filtering the MAC address
> > at the router? Anybody could just spoof their MAC address and get in.
>
> It's not, but it does give you another layer of defense. And if you're
> using WPA, just getting the list of "approved" MACs that you can spoof is
> non-trivial. You'd need the steal the PSK, then decrypt a frame to steal
> a MAC, then spoof the MAC. Let's face it, you can get both (PSK and MAC)
> from just stealing a laptop. But you're definitely deterring the war
> drivers, and keeping Joe users from just emailing the PSK to each other.
>
> Your best bet is WPA with 802.1x/RADIUS. My point was you need 802.1x.
> If you're not using PSK, then thats the only other option as far as i
> know. Any radius authentication i've seen that is NOT 802.1x
> (username/password) is normally mac-based.
>
> ray
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Ray DeJean http://www.r-a-y.org
> Systems Engineer Southeastern Louisiana University
> IBM Certified Specialist AIX Administration, AIX Support
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
> _______________________________________________
> General mailing list
> General at brlug.net
> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>
More information about the General
mailing list