
Re: securing a WLAN with PPP (or the like)



martin f krafft wrote:

> I am faced with the challenge to secure access to a WLAN beyond the
> WEP crap. In fact, what we would like to institute is a login-based
> method in which users have to authenticate with the gateway before
> being given access. The solution must allow for encryption of the
> channel and be compatible/usable with Windows, even without admin
> rights.

I would definitely take a look at port-based access (802.1X) and use
authentication based on EAP tunnelled by TLS.
You basically need three things for this:
1/ Something that provides access to some (V)LAN to some client;
   the authenticator (this can be a switch or an access point)
2/ Something that wishes to gain access to a LAN; the supplicant
   (a piece of software on the client that does EAPOL)
3/ Something to handle authentication; the authentication
   server (RADIUS)

802.1X is in fact user-based network access. You are very flexible with
authentication and it allows you to implement guest usage if you wish
because you are able to appoint VLAN membership based on who someone
is or to what group somebody belongs. The standard also provides means
to secure a WLAN by flexible appointment of encryption keys to users;
you just let WEP keys rotate quickly so there is no time to crack them.

Henk

--
Henk Roose <Henk.Roose@cwi.nl>
CWI - Centrum voor Wiskunde en Informatica
Centre for Mathematics and Computer Science
Amsterdam (NL)
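
The per-user VLAN assignment described in the message above, as an added example that is not part of Henk Roose's post: the authentication server picks a VLAN from the authenticated identity's group and encodes it in the RFC 3580 tunnel attributes of the RADIUS Access-Accept, and the authenticator decodes them. The user names, group names and VLAN numbers are constructed assumptions.

```python
import struct

# RADIUS attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Constructed policy data (assumptions, not from the message).
GROUP_VLAN = {"staff": 10, "students": 20}
GUEST_VLAN = 99
USER_GROUP = {"alice@example.org": "staff", "bob@example.org": "students"}

def vlan_for(identity, authenticated):
    """Authentication-server decision: VLAN ID, or None for Access-Reject."""
    if not authenticated:          # EAP-TLS failed: no network access at all
        return None
    # Known group -> its VLAN; authenticated but ungrouped -> guest VLAN.
    return GROUP_VLAN.get(USER_GROUP.get(identity), GUEST_VLAN)

def _tagged_int(attr_type, value, tag=0):
    # Tagged integer attribute: type, length 6, tag octet, 24-bit value.
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")

def vlan_attributes(vlan_id):
    """Encode the three Access-Accept attributes that assign a VLAN."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    vid = str(vlan_id).encode("ascii")   # untagged: first octet is > 0x1F
    return (_tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)

def parse_vlan(attrs):
    """Authenticator side: return the VLAN ID only if all three attributes agree."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if (int.from_bytes(seen.get(TUNNEL_TYPE, b"")[1:], "big") != TYPE_VLAN
            or int.from_bytes(seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:], "big") != MEDIUM_IEEE_802
            or TUNNEL_PRIVATE_GROUP_ID not in seen):
        return None
    return int(seen[TUNNEL_PRIVATE_GROUP_ID].decode("ascii"))
```

An authenticator that receives an Access-Accept without a complete attribute set gets `None` from `parse_vlan` and should fall back to its configured default port VLAN rather than guess.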
