>1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
>a WLAN.
There's no comparison. WEP encryption has been easily cracked and is
considered grossly insecure. Tools are commonly available and take
only a few minutes to run. WPA is currently quite secure.
>2.) Encryption technology
You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
AES. AES is considered more secure. In general, any client that
supports TKIP will also support AES, so there's little risk of
compatibility issues with AES. Only older cards and drivers may be a
problem.
>3.) Authentication technology
802.1x is supplies along with WPA encryption. However, if you want
something better, consider installing a RADIUS server and using
WPA-RADIUS for authentication. This also has the added benifit of NOT
using a shared encryption key which can easily be leaked. With
RADIUS, the encryption key is unique for each session and user.
>4.) Recommended devices (AP, WLAN Cards etc)
Sorry. Without specifications or clue as to what you're trying to
accomplish, what you have to work with, and how much money you have to
spend, I can't offer any recommendations. Note that there are no
universal solutions.
>5.) How to perform Security Audit of a WLAN?
Wireless security is enforced by the wireless access point. If it
demands that users have encryption, authentication, passwords, etc,
then checking the access point is your prime method of testing
security. Beyond that, there are numerous intrusion testing and
detection tools and services, which will test the entire network, and
not just a single component, which can be circumvented or bypassed.
>6.) Recommended steps to setup such a network
Hire someone that knows what they are doing and has done it before.
>Please consider this urgent and post/reply ASAP
If this is your responsibility, I suggest you either do some serious
reading, or find someone with experience to expedite the project.
On Sep 27, 8:46 am, Jeff Liebermann <je...@cruzio.com> wrote:
> rockysam39 <rockysam39.2xk...@no-mx.wirelessforums.org> hath wroth:
>
> >1.) Comparison / difference and Pros&Cons of WEP and WPA encryption on
> >a WLAN.
>
> There's no comparison. WEP encryption has been easily cracked and is
> considered grossly insecure. Tools are commonly available and take
> only a few minutes to run. WPA is currently quite secure.
>
> >2.) Encryption technology
>
> You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
> AES. AES is considered more secure. In general, any client that
> supports TKIP will also support AES, so there's little risk of
> compatibility issues with AES. Only older cards and drivers may be a
> problem.
>
> >3.) Authentication technology
>
> 802.1x is supplies along with WPA encryption. However, if you want
> something better, consider installing a RADIUS server and using
> WPA-RADIUS for authentication. This also has the added benifit of NOT
> using a shared encryption key which can easily be leaked. With
> RADIUS, the encryption key is unique for each session and user.
>
> >4.) Recommended devices (AP, WLAN Cards etc)
>
> Sorry. Without specifications or clue as to what you're trying to
> accomplish, what you have to work with, and how much money you have to
> spend, I can't offer any recommendations. Note that there are no
> universal solutions.
>
> >5.) How to perform Security Audit of a WLAN?
>
> Wireless security is enforced by the wireless access point. If it
> demands that users have encryption, authentication, passwords, etc,
> then checking the access point is your prime method of testing
> security. Beyond that, there are numerous intrusion testing and
> detection tools and services, which will test the entire network, and
> not just a single component, which can be circumvented or bypassed.
>
> >6.) Recommended steps to setup such a network
>
> Hire someone that knows what they are doing and has done it before.
>
> >Please consider this urgent and post/reply ASAP
>
> If this is your responsibility, I suggest you either do some serious
> reading, or find someone with experience to expedite the project.
>
> --
> Jeff Liebermann je...@cruzio.com
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558
My two cents here; You can always hire and expert, but how do you know
that person is an expert. I've been hired to fix "the mess left
behind" quite a few times.
On Thu, 27 Sep 2007 15:06:28 -0700, miso@sushi.com wrote:
>My two cents here; You can always hire and expert, but how do you know
>that person is an expert. I've been hired to fix "the mess left
>behind" quite a few times.
Good point. There are always references. I have prospective clients
check my references all the time. However, if they were referred by
an existing client, that's usually un-necessary.
Incidentally, much of what I do is cleaning up someone elses mess
(both in install and engineering). I would normally expect a customer
that has been burned by one "expert" to demand credentials and
references from whomever they hire to clean up the mess. However,
that's rarely the case. They just want it fixed and are apparently
willing to repeat the same mistake they made on the first "expert".
I've also noticed that such clients rarely ask me for an estimate.
Very strange.
>Is there any wireless network certification?
Sure. Here's a list:
<http://www.certmag.com/articles/templates/CM_SG_Article_Template.asp?articleid=2562&zoneid=2 69>
I think there are others, but I'm too lazy to search. Some
universities offer classes which culminate in a certification exam.
I've always wanted to collect certifications, but my office walls are
plastered with books, racks, hanging mice, diagrams, maps, schematics,
dead motherboards, photos, and white boards, that there's no room for
the certificates.
On Sep 27, 3:51 pm, Jeff Liebermann <je...@comix.santa-cruz.ca.us>
wrote:
> On Thu, 27 Sep 2007 15:06:28 -0700, m...@sushi.com wrote:
> >My two cents here; You can always hire and expert, but how do you know
> >that person is an expert. I've been hired to fix "the mess left
> >behind" quite a few times.
>
> Good point. There are always references. I have prospective clients
> check my references all the time. However, if they were referred by
> an existing client, that's usually un-necessary.
>
> Incidentally, much of what I do is cleaning up someone elses mess
> (both in install and engineering). I would normally expect a customer
> that has been burned by one "expert" to demand credentials and
> references from whomever they hire to clean up the mess. However,
> that's rarely the case. They just want it fixed and are apparently
> willing to repeat the same mistake they made on the first "expert".
> I've also noticed that such clients rarely ask me for an estimate.
> Very strange.
>
> >Is there any wireless network certification?
>
> Sure. Here's a list:
> <http://www.certmag.com/articles/templates/CM_SG_Article_Template.asp?...>
> I think there are others, but I'm too lazy to search. Some
> universities offer classes which culminate in a certification exam.
>
> I've always wanted to collect certifications, but my office walls are
> plastered with books, racks, hanging mice, diagrams, maps, schematics,
> dead motherboards, photos, and white boards, that there's no room for
> the certificates.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831-336-2558 je...@comix.santa-cruz.ca.us
> #http://802.11junk.com je...@cruzio.com
> #http://www.LearnByDestroying.com AE6KS
Unfortunately, there are people that are good at passing written
tests, but still can't do the real work. Of course, having the sheep
skin and hands on knowledge is the best situation.
"Jeff Liebermann" <jeffl@cruzio.com> schreef in bericht
news:rcjnf3l7q4fkvts8ni954o5ehah4louqir@4ax.com...
> rockysam39 <rockysam39.2xkny8@no-mx.wirelessforums.org> hath wroth:
>
>
>>2.) Encryption technology
>
> You have two choices. WPA-PSK which uses TKIP and WPA2-PSK which uses
> AES. AES is considered more secure. In general, any client that
> supports TKIP will also support AES, so there's little risk of
> compatibility issues with AES. Only older cards and drivers may be a
> problem.
>
Hi,
Is it always these 2 choices for WPA?
In other words, if you buy a network card (PCMCIA) wich has WPA and WPA2, do
you have all possibilities?
Or is there in either one, another form of existence?
It's kinda difficult to answer that because the various choices
involve:
1. Protocol
2. Authentication
3. Authorization
4. Encryption.
5. Vendor specific additions.
>In other words, if you buy a network card (PCMCIA) wich has WPA and WPA2, do
>you have all possibilities?
Sorta, maybe, probably. Bear with me here.
The *MAJOR* forms are:
WPA-Personal with TKIP encryption and a shared encryption key.
WPA-Enterprise with TKIP and RADIUS authentication
WPA2-Personal with AES encryption and a shared encryption key.
WPA2-Enterprise with AES encrytion and RADIUS authentication.
However, there are routers which will accept WPA with AES encryption.
None offer WPA2 with TKIP. You won't need that.
Where it gets ugly and potentially incompatible is 802.1x
authentication using EAP (extensible authentication protocol). There
are a mess of protocols possible with EAP.
<http://www.networkworld.com/research/2002/0506ilabwlan.html>
<http://www.computerworld.com/mobiletopics/mobile/story/0,10801,79995,00.html>
<http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol>
The problem is that not all wireless clients support all of these.
<http://www.microsoft.com/technet/network/eap/eap.mspx>
For wireless MS supports:
PEAP-MS-CHAP v2, EAP-TLS, PEAP-TLS
Vista added some more, but I'm too lazy to dig out the list.
>Or is there in either one, another form of existence?
Existence on a different plane is best experienced under the influence
of controlled substances.
"Jeff Liebermann" <jeffl@cruzio.com> schreef in bericht
news:9cb0g3p0l93j071p7umvas4auql65aimkl@4ax.com...
> "Ruud2022" <ruud_geenspam_hot@hotmail.com> hath wroth:
>
>>Is it always these 2 choices for WPA?
>
> It's kinda difficult to answer that because the various choices
> involve:
> 1. Protocol
> 2. Authentication
> 3. Authorization
> 4. Encryption.
> 5. Vendor specific additions.
>
>>In other words, if you buy a network card (PCMCIA) wich has WPA and WPA2,
>>do
>>you have all possibilities?
>
> Sorta, maybe, probably. Bear with me here.
> The *MAJOR* forms are:
> WPA-Personal with TKIP encryption and a shared encryption key.
> WPA-Enterprise with TKIP and RADIUS authentication
> WPA2-Personal with AES encryption and a shared encryption key.
> WPA2-Enterprise with AES encrytion and RADIUS authentication.
>
>
>>Or is there in either one, another form of existence?
>
> Existence on a different plane is best experienced under the influence
> of controlled substances.
>
>
Thanks a lot Jeff, bit by bit I become more aware of wireless Internetting.
Your last sentence I did'nt understand very much, maybe I wrote noncense in
mine.
English is not my "home" language ;-))
>>>Or is there in either one, another form of existence?
>>
>> Existence on a different plane is best experienced under the influence
>> of controlled substances.
>Your last sentence I did'nt understand very much, maybe I wrote noncense in
>mine.
>English is not my "home" language ;-))
>But anyway, thanks for teaching me something.
>Ruud.
Your English is quite good, so I assumed that you knew some of the
terms. "Another form of existence" was a phrase used during the
1960's to mean that someone was drugged or "stoned" sufficiently to
escape the common normal daily form of existence, and live in an
"altered state". In other words, a loss of reality. "Controlled
substances" are drugs restricted by the government. I hope this
helps.
Re: WEP vs WPA 
Linear Mode
