[unisog] VPN Protection of Wireless Networks

Gary Flynn flynngn at jmu.edu
Thu Dec 13 21:41:30 GMT 2001


Jose Nazario wrote:
> 
> well, WEP's pretty weak. a community of shared certificates is not that
> secure, but it's a far cry better than WEP. using some form of
> authentication (i.e. passphrases using SSL to a wireless only server) people
> can get the certificate they need to get started. using X.509 certificates
> these can be validated then. this makes netstumbler type attacks far more
> difficult. not impossible, just far more difficult. WEP's rather trivial
> to abuse.

I'm not sure I understand the SSL'd "wireless server" concept to provide
certs.

Are you saying to provide a web server which can be accessed without
VPN encryption from which one can subsequently obtain an individualized
certificate after authenticating which then can be used for VPN sessions? 
I guess the web server would add the key to the VPN concentrator in
the background. This sounds workable. Have to set up a CA and revocation
process though.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
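
Added example, not part of the original message: a shell walk-through of the CA and revocation process the reply mentions, using the openssl command line. The names demo-ca, alice and bob, the file layout and the function names are assumptions; the enrollment web server and the VPN concentrator are stood in for by the enroll and vpn_accepts functions.

```sh
# Added example: names (demo-ca, alice, bob) and file layout are hypothetical.
set -eu
ca_init() {   # $1 = working directory for the private CA
  d=$1; mkdir -p "$d/newcerts"; : > "$d/index.txt"; echo 1000 > "$d/serial"
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = req
x509_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 1
policy = pol
[ pol ]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
    -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  publish_crl "$d"
}
# The concentrator has to pick up this file again after every revocation.
publish_crl() { openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null; }
enroll() {    # $1 = CA dir, $2 = user; the enrollment server runs this after login
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$1/ca.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}
revoke() {    # $1 = CA dir, $2 = user
  openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null
  publish_crl "$1"
}
vpn_accepts() {   # concentrator-side check: chains to our CA and is not on the CRL
  openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" -crl_check "$1/$2.crt" >/dev/null 2>&1
}

# Demo: two users enroll, then alice's certificate is revoked.
w=$(mktemp -d); ca_init "$w"; enroll "$w" alice; enroll "$w" bob; revoke "$w" alice
for u in alice bob; do
  if vpn_accepts "$w" "$u"; then echo "$u: accepted"; else echo "$u: rejected"; fi
done
```

Without -crl_check the revoked certificate still verifies, since its signature and validity dates are unchanged; the revocation only takes effect where the current CRL is actually consulted.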


