|
Almost correct - but keep in mind that all of these methods
are still vulnerable to the weak WEP key problem. By collecting
enough data (only a couple of hours worth) it is possible to decrypt the WEP key
(even the 128 bit version) and then connect to your network. MAC
authentication may keep them from associating unless they clone an existing
users MAC address - and they can still decode information in the users data
without associating once they have found the WEP key.
Current wireless security using WEP without any of the various
patches (LEAP, MIC, TKIP) doesn't do any more than keep the honest people
honest. AKAIK Smartbridges has not implemented any of the workarounds for
the WEP key problems.
Mark Radabaugh
Amplex
(419) 720-3635
----- Original Message -----
Sent: Monday, October 13, 2003 4:19
PM
Subject: RE: [smartBridges] Auth
question
Sorry for being such a dope on this...
Now I think I've got
it, but one more question:
When in OPEN - OPEN, the transmissions are still
encrypted, but no challenge is made?
So, this is why Shared is a little
less secure than Open...because someone listening to the unencrypted challenge
and resultant encrypted response from CPE -theoretically- would be able to
figure out the key. So, as long as MAC authorization is enabled and all
of my real customers' MAC addresses are in the list, I can confidentally use
the Open method without fearing that illegal users would be able to get on the
network if they don't have the key.
On Fri, 2003-10-10 at
14:37, Seeni Mohamed wrote:
Hi
Sevak,
I am sorry about that if I confused.
As you mentioned, if your APPOs are in "OPEN" with WEP
keys enabled, then the CPE without these WEP keys will not be able to
communicate each other.
Here is the table for the
various authentication TYPE can be used with our sB devices. Please remember
that Authentication will be valid only if WEP encryption
enabled.
smartbridges
CPE
|
smartbridges
Access
point
|
Encryption
|
Associate
|
PING
|
Open
|
Open
|
64/128
|
Y
|
Y
|
Shared
|
Shared
|
64/128
|
Y
|
Y
|
Shared
|
Open
|
64/128
|
N
|
N
|
Open
|
Shared
|
64/128
|
N
|
N
|
Open
|
Both
|
64/128
|
Y
|
Y
|
Shared
|
Both
|
64/128
|
Y
|
Y
|
Both
|
Both
|
64/128
|
Y
|
Y
|
Here is the
difference between OPEN and SHARED keys.
OPEN
During the OPEN
key authentication, the CPE sends only the request and AP response and
process request based on the WEP encryption. With this authentication, they
key will be hidden and not shared among the devices.
SHARED
During the shared key authentication, the access point sends an
unencrypted challenge text string to any device attempting to communicate
with the access point. The device requesting authentication encrypts the
challenge text and sends it back to the access point. If the challenge text
is encrypted correctly, the access point allows the requesting device to
authenticate.
Kind regards,
Seeni
sB
Tech support
[EMAIL PROTECTED]
-----Original
Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sevak
Avakians
Sent: Saturday, October 11, 2003 12:01 AM
To:
[EMAIL PROTECTED]
Subject: RE: [smartBridges] Auth
question
Ok, I'm very
confused by this authentication thing now. I thought that OPEN meant
that anyone without a matching WEP key can connect and SHARED meant only
those with a matching WEP key can connect. But you are saying that
OPEN means that they still need a matching WEP key? Is this a
typo? Does this mean if my APPOs are in "OPEN" with WEP keys enabled,
then customers without these WEP keys will not be able to connect? If
this is the case, then what's the difference between OPEN and SHARED.
Is it that the OPEN does not bother encrypting after the first check to see
if the CPE has the right keys and SHARED always encrypts using those
keys?
Please help a lost soul!!!
Thanks,
Sevak
On
Thu, 2003-10-09 at 15:16, Seeni Mohamed wrote:
The
AUTHENTICATION TYPE option provided in the Advanced TAB for the purpose of
WEP key encryption, not for the wireless clients MAC
authentication
OPEN SYSTEM allows any device
to authenticate and then attempt to communicate with the access point (null
authentication)
Using OPEN SYSTEM, any wireless device can authenticate
with the access point, but the device can only communicate if its WEP keys
match the access points.
Devices not using WEP do not
attempt to authenticate with an access point that is using WEP.
Best regards,
Seeni
sB Tech
support
[EMAIL PROTECTED]
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kunze
Sent: Friday,
October 10, 2003 1:48 AM
To: [EMAIL PROTECTED]
Subject:
[smartBridges] Auth question
'scuse me if this has been covered, I just
joined.
Regarding an APPO, in the Advanced tab under
Authentication Type:
If one selects OPEN SYSTEM,
does that permit clients to associate even if
their mac address isn't in the
Client Auth table, or is it that they must
still be mac authorized yet are
allowed if they don't have the WEP key?
Thanks.
Rk
----------ANNOUNCEMENT----------
Don't forget to
register for WISPCON IV
http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
The PART-15.ORG smartBridges Discussion
List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
smartBridges <yournickname>
To Remove:
mailto:[EMAIL PROTECTED] (in the body type unsubscribe
smartBridges)
Archives: http://archives.part-15.org
|
