Florian Reitmeir wrote:
Ummm.... Just where does the article in question mention RADIUS? If you will note the paragraph explaining Open Authentication it is referring explicitly to DEVICE authentication, not authentication of a person/user which is what RADIUS is used for.....Hi, On Sam, 03 Mär 2007, Freddy Freeloader wrote:Q. What are the advantages and disadvantages of Open Authentication? *A. *Here are the advantages and disadvantages of Open Authentication: *Advantages:* Open Authentication is a basic authentication mechanism, which you can use with Wireless devices that do not support the complex authentication algorithms. Authentication in the 802.11 specification is connectivity-oriented. By design the requirements for authentication allow devices to gain quick access to the network. In such a case, you can use Open Authentication. *Disadvantages:* Open Authentication provides no way to check if a client is a valid client and not a hacker client. If you do not use WEP encryption with Open Authentication, any user who knows the SSID of the WLAN can access the network. Cisco does not recommend that you deploy wireless LANs without WEP encryption."They are here refering to RADIUS, so you can connect Usernames and Network Access. Normaly a WEP or WPA-PSK Key grant access to the complete network. With RADIUS or something similar you can grant access by user&password or user&cert which in more complex networks _is_ the better way (simply think of, if there is more than one network segment, or a machine gets stolen... and you want to revoke just one user)
Here is the quote from the article. "Open Authentication is a basic authentication mechanism, which you can use with Wireless devices that do not support the complex authentication algorithms. Authentication in the 802.11 specification is connectivity-oriented. By design the requirements for authentication allow devices to gain quick access to the network. In such a case, you can use Open Authentication."
Now show me where a user or RADIUS is mentioned or even implicitly referred to. Is RADIUS authentication a basic device authentication? Not according to everything I've studied. This entire paragraph is about DEVICE authentication. I'd also like you to show me where in the 802.11 specs user authentication is defined. The very beginning of the 802.11 specs say it is dealing with the physical and data link layers. These layers have nothing whatsoever to do with user authentication, but much to do with device authentication.
Also, look at the SKA paragraph. I'll quote it below."Open Authentication provides no way to check if a client is a valid client and not a hacker client. If you do not use WEP encryption with Open Authentication, any user who knows the SSID of the WLAN can access the network. Cisco does not recommend that you deploy wireless LANs without WEP encryption."
Notice that it says, CLIENT, not user. In networking devices are known as clients, servers, etc.... Also notice that it says any user who knows the SSID may connect. Just where is RADIUS and/or password and user name mentioned? And, if RADIUS is being used in their example just how does a person access the network with only an SSID?