[Dshield] Wireless MAC Authentication options.

Johannes B. Ullrich jullrich at euclidian.com
Mon Jun 20 15:11:28 GMT 2005

Chris Mitchell wrote:
> I have recently been contracted by a client of mine to implement a wireless
> network for a small school (500 students).  I would like opinions on MAC
> Address Authentication methods.  This is a Windows-based network, and the
> solution should be fairly simple so that it is manageable by the client.
> Any input is greatly appreciated.

You are probably looking at something like 'nocat' (http://nocat.net/). 
It works "reasonably well". While it can be bypassed (e.g. by spoofing a 
MAC), it probably works well enough for your scenario.

Nocat can operate in two different "modes":
- Just display a "banner" for people to click off on.
- Ask people to log in with username/password.

It should run well with 500 users, and can be linked to various backends 
(mysql, postgresql, ldap, radius).

If you need anything more secure, you should use a VPN. Essentially 
allow only traffic from the wireless network to the VPN concentrator, 
and manage your users via whatever VPN solution you use. Once they are 
on the VPN, you can let them "out".
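
The VPN-only layout described in the last paragraph, as an added example that is not part of the original message. It assumes an IPsec VPN (IKE on UDP 500, NAT-T on UDP 4500, ESP), a Linux gateway that forwards only the wireless segment, and constructed addresses; the function name `wlan_vpn_only` is hypothetical.

```shell
#!/bin/sh
# Added example: wireless clients may reach the VPN concentrator and nothing else.
# Assumptions (not from the original post): IPsec VPN, Linux/iptables gateway
# dedicated to the wireless segment. DHCP for the wireless segment is served
# locally (INPUT chain or the access point) and is not covered here.
IPT=${IPT:-iptables}   # set IPT=echo to print the rules instead of applying them

is_ipv4() {   # accepts a.b.c.d with an optional /prefix
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

wlan_vpn_only() {
    wlan_net=$1; vpn_ip=$2
    is_ipv4 "$wlan_net" && is_ipv4 "$vpn_ip" || {
        echo "usage: wlan_vpn_only <wlan-cidr> <vpn-concentrator-ip>" >&2
        return 2
    }
    # Default-deny for everything this gateway forwards.
    $IPT -P FORWARD DROP
    # Replies that belong to flows permitted by the rules below.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # IKE and NAT-T key exchange, wireless clients to the concentrator only.
    $IPT -A FORWARD -s "$wlan_net" -d "$vpn_ip" -p udp -m multiport --dports 500,4500 -j ACCEPT
    # ESP: the encrypted tunnel traffic itself.
    $IPT -A FORWARD -s "$wlan_net" -d "$vpn_ip" -p esp -j ACCEPT
    # Anything else from the wireless side is logged, then dropped, so a client
    # that got past MAC filtering still cannot reach the rest of the network.
    $IPT -A FORWARD -s "$wlan_net" -j LOG --log-prefix "wlan-not-vpn: "
    $IPT -A FORWARD -s "$wlan_net" -j DROP
}

# Constructed sample values (10.50.0.0/16 wireless, 192.0.2.10 concentrator):
#   IPT=echo; wlan_vpn_only 10.50.0.0/16 192.0.2.10    # dry run, review the rules
```

Once a client has an established tunnel, its onward traffic is routed and policed by the concentrator, so user management stays in the VPN solution rather than in this rule set.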

