[Dshield] Wireless MAC Authentication options.
josh at raintreeinc.com
Mon Jun 20 16:20:26 GMT 2005
John B. Holmblad wrote:
> if the school is running a Windows 2000 or 2003 server then I would
> recommend that they invest in putting up WPA or 802.11i/WPA2 based
> security for the wireless. It is the best way to get both strong mutual
> authentication of the wireless AP's and clients, AND strong encryption
> of the wireless link(s).
This begs the question, do you actually need strong encryption? Before
I'm accused of heresy, let's look at this: are the students going to be
using the network to transmit data that needs to stay out of the hands
of prying eyes? Sure, it's not bad to be able to ensure that the web
page they just downloaded telling them all about recent discoveries in
the field of archaeopteryx vertebrae haven't been snooped by anyone
else, but is it really necessary? Should they be doing anything that
requires that kind of security?
I realize your teachers and whoever else might also use this network,
and in that case, the information transmitted might very well be
sensitive. Certainly there are also many reasons you might want
encryption even if the data on the network isn't particularly sensitive.
For instance, if the products you have available offer encryption and
authentication together, and if it works with your hardware, turn it on.
I'm just suggesting that it's important to keep in mind what you're
protecting against. It's easy for those of us that spend our time
working with sensitive data to jump to the conclusion that we need X, Y,
and Z for every situation, just because we need it to protect that
sensitive data. But if the problem domain doesn't include sensitive
data, perhaps you only need X and Y.
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000
More information about the list