Don't run DHCP! And use mac filtering at the ap's. (I use the smartbridges
ap's. they'll do radius and authenticate wireless subs just like my dialup
ones.)
Marlon
(509) 982-2181 Equipment sales
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message -----
From: "Jason" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Monday, December 05, 2005 9:39 PM
Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
basedauthentication)
Marlon,
I appreciate the advice. Mostly I am interested in bullet proof
authentication of my clients. Any suggestions?
Jason
Marlon K. Schafer (509) 982-2181 wrote:
Hiya Jason,
You are mixing your networks.... You won't normally run a homebrew
product to provide a top notch service.
If security is of THAT great an importance to you, you should NOT run
wifi anything. Put in something much more off the wall. It's a lot
harder to snoop if you don't use one of the world's most common
protocols.
For these business guys I'd run Trango or something like that. Good
stuff but not nearly as much of it in use and no free tools on the
internet for intercepting and cracking the data stream.
What we do is remind our customers that this is the internet. They are
hanging out there for thousands upon thousands of people who's only
purpose in life is breaking into their machines and seeing what they can
learn. If they have data that's that sensitive then they need a high end
internal firewall and they need to VPN all internet traffic.
That help?
Marlon
(509) 982-2181 Equipment sales
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message ----- From: "Jason" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Friday, December 02, 2005 3:20 PM
Subject: [WISPA] How to Authenticate/Protect (Was Ethernet
basedauthentication)
List,
I am on the precipice, ready to take the plunge and become a WISP
(After 1 year of zoning, permits, 16 hr days, etc), but one thing still
bothers me. I haven't decided how to authenticate clients to my network
and REALLY protect their data. The CPE's I will use, rootenna/Senao2611
combos, do only WEP, which only obfuscates data nowadays. MAC addresses
can be cloned. Proxy login via a browser is obnoxious for the end user.
Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I
was looking at PPPoE or PPTP (poptop/linux) with Radius as my system,
since this would accomplish it, but seems like so much trouble and
overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a
router (gack!) and the PPPoE server shipping with Linux is meant "for
testing purposes only - man". I want an Always On (apparently) system
for my clients that just works.
How do you other (small) WISPs do this?
Tangent: How do you Senao 2611 users keep Netbios & windows network
neighborhood data off the wireless network. I was told to add a SOHO
router to the mix, but don't want to invest in more equipment to
maintain.
Jason Wallace
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/