--- John Allman <[EMAIL PROTECTED]> wrote:

> Stefan Winter wrote:
> >> I'm searching through my Dell wireless WLAN card utility and I'm pretty sure
> >> I can't hide it. Are Dell breaking any RFCs or other standards that I can
> >> take them up on?
> >
> > No. It's optional. If Dell doesn't do it, bad luck. But you can always install
> > a supplicant that does it, for example at www.securew2.com (very nice
> > supplicant, IMO).
>
> I'm very impressed. I installed this and all of my complaints and
> concerns are answered! Now, I'm assuming and hoping the Linux wpa
> supplicant also supports this...
>
> > Uh. You should consider that you will have _no_ link-layer encryption when
> > using captive portals. And connections can be hijacked. And with a shared
> > key, you have no accountability. And the shared key will flow over the net
> > unencrypted, so anyone can pick it up and abuse your network.
> > OTOH, what's so secret about a user name? User names are the _public_ parts of
> > credentials, it's the passwords that are critical.
> > If you really don't want usernames to be important at all, use EAP-TLS. The
> > client certificate will identify you, no matter what garbage you put into the
> > user name.
> > Captive portals are a step back with regards to security.
>
> Well, I was going to use WPA2 with a preshared key which would provide
> the link-layer encryption (as I understand it) but then require a
> username and password as another step in case the key got leaked. You're
> right about the accountability, but are you sure about the shared key
> going over the net unencrypted? This doesn't sound right...
>
> Since we're talking about our LDAP directory, which we use for pretty
> much *everything*, having a list of usernames gives an attacker a
> starting point for trying brute force attacking. This could also be used
> as a starting point for identity theft or spamming.
>
> EAP-TLS probably is the most secure way to do things though it does
> require installing certs. I'll definitely be giving it consideration
>
> Thanks again for all your help - I'm feeling pretty happy with my setup now,
>
> John
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

If your time allows, the RADIUS book from O'Reilly is an invaluable reference. It includes FreeRADIUS specifics as well.

Laker