Hi Jim,
To answer your question regarding WEP and RADIUS, basically WEP is for
data confidentiality and RADIUS is for authentication. Thus, they have
to work hand in hand to provide the different levels of security. Having
one without the other would mean a compromise in network security.
Users stealing services
As you have mentioned disabling ESSID broadcast, it is one form of
strengthening the security on your AP. Another way would be to use MAC
authorisation together with RADIUS authentication to further restrict
unauthorised associations.
Sniffers reading data over the air
Data should be encrypted over the air to prevent this and a good
alternative to WEP would be setting up IPSEC VPN which would give a
higher level of data confidentiality compared to WEP.
To augment the AP security, you may want to consider implementing ACL on
the Cisco routers to restrict inbound and outbound traffic. Depending on
your network topology there maybe several control points where AAA can
be enforced with encryption to secure your usser connections.
Please let us know if you need a more indepth discussion on any of the
information provided above.
Best regards,
Arasu
sB Tech Support
Can I make a few assumptions and ask for advice?
With a standard aPPo, I can setup MAC level authorisation from a
controlled list. I can then "choose" to implement WEP or not. If I turn
off ESSID broadcasts, it at least keeps out the normal level of hacker.
If I don't use WEP, but use Radius authentication, what else do I
require to "secure" the network from;
Users stealing service
Sniffers reading data over the air
The network will have Cisco routers at each PoP base station, consisting
of 3 x aPPo. Each Cisco router is, in turn, connected to an Internet NOC
through another Router.
When a client connects, they are initially authenticated and pushed onto
an internet connection, with IP assigned to the users PC, after
authentication. I am assigning fixed IP to the aPPo, AirBridge and
Routers.
Much appreciated
Jim Ward
Wireless Business Manager
MMT
Scotland
************************************************************************
***
THIS E-MAIL AND ANY ATTACHED FILES ARE CONFIDENTIAL, PROTECTED BY
COPYRIGHT AND MAY BE LEGALLY PRIVILEGED. If you are not the intended
addressee or have received the e-mail in error, any use of this e-mail
or any copying, distribution or other dissemination of it is strictly
prohibited. If you have received this transmission in error, please
notify the sender immediately and then delete the e-mail. E-mail cannot
be guaranteed to be secure, error free or free from viruses. Neither the
sending company nor its group of companies accepts any liability
whatsoever for any loss or damage which may be caused as a result of the
transmission of this message by e-mail. If verification is required,
please request a hard copy version.
************************************************************************
***
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
----------ANNOUNCEMENT----------
Don't forget to register for WISPCON IV
http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in
the body type unsubscribe smartBridges)
Archives: http://archives.part-15.org
----------ANNOUNCEMENT----------
Don't forget to register for WISPCON IV
http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges
<yournickname>
To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
Archives: http://archives.part-15.org
