RE: radius+ wireless

["Brett Zink" <Brett.Zink () harborfund com>]

Yes, your configuration is very insecure. WEP is very easily crack-able. Wireless as with anything else needs levels of 
security to protect it. You can't count on just WEP, or just WPA. One additional solution I have seen used by ISPs to 
secure their customer's wireless is this... Since the ISP is providing the service, the ISP takes responsibility for 
the customer's router configuration. At the time of hookup, the DHCP server on the router is only configured to give 
out a limited number of addresses. If 4 users in the house will be using the router, than it is configured to give out 
addresses from 10.24.0.10 - 10.24.0.13. Add this technique to WPA, access control lists, MAC filtering and other 
security precautions and your network should be a bit more secure. 


-----Original Message-----
From: Matvei Kliuchnikov [mailto:matvei.kliuchnikov () gmail com] 
Sent: Thursday, November 18, 2004 12:04 PM
To: security-basics () securityfocus com
Subject: RE: radius+ wireless

Quoth Gaspar de Elías on 11/17/2004 2:18 PM:
> hello
> I'm an isp, and i'm providing internet to my customers via wireless,
> authenticating with a radius server on freeBSD. My question is the
> folowing: Can somebody sniff the wireless conections, crack WEP
> alghoritm, and cheat his mac and ip addresses in order to steal
> information from one of my customers?
> A friend told me that doing this is incredibly easy, so i'm investigating. 
> What should i implement to make my wireless lan more secure?