[Dshield] Wireless MAC Authentication options.

Josh Tolley josh at raintreeinc.com
Mon Jun 20 16:20:26 GMT 2005


John B. Holmblad wrote:
> Chris,
> 
> if the school is running a Windows 2000 or 2003 server  then I would 
> recommend that they invest in putting up WPA or 802.11i/WPA2 based 
> security for the wireless. It is the best way to get both strong mutual 
> authentication of the wireless AP's and clients, AND strong encryption 
> of the wireless link(s).

This begs the question, do you actually need strong encryption? Before 
I'm accused of heresy, let's look at this: are the students going to be 
using the network to transmit data that needs to stay out of the hands 
of prying eyes? Sure, it's not bad to be able to ensure that the web 
page they just downloaded telling them all about recent discoveries in 
the field of archaeopteryx vertebrae haven't been snooped by anyone 
else, but is it really necessary? Should they be doing anything that 
requires that kind of security?

I realize your teachers and whoever else might also use this network, 
and in that case, the information transmitted might very well be 
sensitive. Certainly there are also many reasons you might want 
encryption even if the data on the network isn't particularly sensitive. 
For instance, if the products you have available offer encryption and 
authentication together, and if it works with your hardware, turn it on. 
I'm just suggesting that it's important to keep in mind what you're 
protecting against. It's easy for those of us that spend our time 
working with sensitive data to jump to the conclusion that we need X, Y, 
and Z for every situation, just because we need it to protect that 
sensitive data. But if the problem domain doesn't include sensitive 
data, perhaps you only need X and Y.

Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000



More information about the list mailing list