
Re: Broadcom wireless, "Access Point: Invalid"



Florian Reitmeir wrote:
Hi,

On Sat, 03 Mar 2007, Freddy Freeloader wrote:

     Q. What are the advantages and disadvantages of Open Authentication?

   *A.* Here are the advantages and disadvantages of Open Authentication:

   *Advantages:* Open Authentication is a basic authentication
   mechanism, which you can use with Wireless devices that do not
   support the complex authentication algorithms. Authentication in the
   802.11 specification is connectivity-oriented. By design the
   requirements for authentication allow devices to gain quick access
   to the network. In such a case, you can use Open Authentication.

   *Disadvantages:* Open Authentication provides no way to check if a
   client is a valid client and not a hacker client. If you do not use
   WEP encryption with Open Authentication, any user who knows the SSID
   of the WLAN can access the network. Cisco does not recommend that
   you deploy wireless LANs without WEP encryption."

They are here referring to RADIUS, so you can connect Usernames and Network
Access. Normally a WEP or WPA-PSK Key grants access to the complete network.

With RADIUS or something similar you can grant access by user&password or
user&cert which in more complex networks _is_ the better way (simply think
of, if there is more than one network segment, or a machine gets stolen...
and you want to revoke just one user)


Ummm.... Just where does the article in question mention RADIUS? If you will note the paragraph explaining Open Authentication it is referring explicitly to DEVICE authentication, not authentication of a person/user which is what RADIUS is used for.....

Here is the quote from the article. "Open Authentication is a basic authentication mechanism, which you can use with Wireless devices that do not support the complex authentication algorithms. Authentication in the 802.11 specification is connectivity-oriented. By design the requirements for authentication allow devices to gain quick access to the network. In such a case, you can use Open Authentication."

Now show me where a user or RADIUS is mentioned or even implicitly referred to. Is RADIUS authentication a basic device authentication? Not according to everything I've studied. This entire paragraph is about DEVICE authentication. I'd also like you to show me where in the 802.11 specs user authentication is defined. The very beginning of the 802.11 specs says it is dealing with the physical and data link layers. These layers have nothing whatsoever to do with user authentication, but much to do with device authentication.
Also, look at the SKA paragraph.  I'll quote it below.

"Open Authentication provides no way to check if a client is a valid client and not a hacker client. If you do not use WEP encryption with Open Authentication, any user who knows the SSID of the WLAN can access the network. Cisco does not recommend that you deploy wireless LANs without WEP encryption."

Notice that it says CLIENT, not user. In networking, devices are known as clients, servers, etc.... Also notice that it says any user who knows the SSID may connect. Just where is RADIUS and/or password and user name mentioned? And, if RADIUS is being used in their example, just how does a person access the network with only an SSID?


