RE: [smartBridges] Auth question

[Breiland, Derek]

Good point Mark.  With that being said, I ask the SmartBridges folks as to when some of these better forms of WEP will be implemented?  As providers all we can provide is a best effort to keep subscriber data secure.  The technology to do better is out there just not available in the SmartBridges products.  Any ideas?   -----Original Message----- From: Mark Radabaugh [mailto:[EMAIL PROTECTED] Sent: Monday, October 13, 2003 3:43 PM To: [EMAIL PROTECTED] Subject: Re: [smartBridges] Auth question   Almost correct - but keep in mind that all of these methods are still vulnerable to the weak WEP key problem.   By collecting enough data (only a couple of hours worth) it is possible to decrypt the WEP key (even the 128 bit version) and then connect to your network.   MAC authentication may keep them from associating unless they clone an existing users MAC address - and they can still decode information in the users data without associating once they have found the WEP key.   Current wireless security using WEP without any of the various patches (LEAP, MIC, TKIP) doesn't do any more than keep the honest people honest.  AKAIK Smartbridges has not implemented any of the workarounds for the WEP key problems.   Mark Radabaugh Amplex (419) 720-3635     ----- Original Message ----- From: Sevak Avakians To: [EMAIL PROTECTED] Sent: Monday, October 13, 2003 4:19 PM Subject: RE: [smartBridges] Auth question   Sorry for being such a dope on this... Now I think I've got it, but one more question: When in OPEN - OPEN, the transmissions are still encrypted, but no challenge is made? So, this is why Shared is a little less secure than Open...because someone listening to the unencrypted challenge and resultant encrypted response from CPE -theoretically- would be able to figure out the key.  So, as long as MAC authorization is enabled and all of my real customers' MAC addresses are in the list, I can confidentally use the Open method without fearing that illegal users would be able to get on the network if they don't have the key. On Fri, 2003-10-10 at 14:37, Seeni Mohamed wrote: Hi Sevak,   I am sorry about that if I confused.   As you mentioned, if your APPOs are in "OPEN" with WEP keys enabled, then the CPE without these WEP keys will not be able to communicate each other. Here is the table for the various authentication TYPE can be used with our sB devices. Please remember that Authentication will be valid only if WEP encryption enabled.   smartbridges CPE smartbridges Access point  Encryption  Associate PING Open Open 64/128 Y Y Shared Shared 64/128 Y Y Shared Open 64/128 N N Open Shared 64/128 N N Open Both 64/128 Y Y Shared Both 64/128 Y Y Both Both 64/128 Y Y   Here is the difference between OPEN and SHARED keys. OPEN   During the OPEN key authentication, the CPE sends only the request and AP response and process request based on the WEP encryption. With this authentication, they key will be hidden and not shared among the devices. SHARED During the shared key authentication, the access point sends an unencrypted challenge text string to any device attempting to communicate with the access point. The device requesting authentication encrypts the challenge text and sends it back to the access point. If the challenge text is encrypted correctly, the access point allows the requesting device to authenticate.   Kind regards, Seeni sB Tech support [EMAIL PROTECTED]   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sevak Avakians Sent: Saturday, October 11, 2003 12:01 AM To: [EMAIL PROTECTED] Subject: RE: [smartBridges] Auth question   Ok, I'm very confused by this authentication thing now.  I thought that OPEN meant that anyone without a matching WEP key can connect and SHARED meant only those with a matching WEP key can connect.  But you are saying that OPEN means that they still need a matching WEP key?  Is this a typo?  Does this mean if my APPOs are in "OPEN" with WEP keys enabled, then customers without these WEP keys will not be able to connect?  If this is the case, then what's the difference between OPEN and SHARED.  Is it that the OPEN does not bother encrypting after the first check to see if the CPE has the right keys and SHARED always encrypts using those keys? Please help a lost soul!!! Thanks, Sevak On Thu, 2003-10-09 at 15:16, Seeni Mohamed wrote:     The AUTHENTICATION TYPE option provided in the Advanced TAB for the purpose of WEP key encryption, not for the wireless clients MAC authentication   OPEN SYSTEM allows any device to authenticate and then attempt to communicate with the access point (null authentication) Using OPEN SYSTEM, any wireless device can authenticate with the access point, but the device can only communicate if its WEP keys match the access points. Devices not using WEP do not attempt to authenticate with an access point that is using WEP.   Best regards, Seeni sB Tech support [EMAIL PROTECTED]     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kunze Sent: Friday, October 10, 2003 1:48 AM To: [EMAIL PROTECTED] Subject: [smartBridges] Auth question   'scuse me if this has been covered, I just joined.   Regarding an APPO, in the Advanced tab under Authentication Type:   If one selects OPEN SYSTEM, does that permit clients to associate even if their mac address isn't in the Client Auth table, or is it that they must still be mac authorized yet are allowed if they don't have the WEP key?   Thanks.   Rk   ----------ANNOUNCEMENT---------- Don't forget to register for WISPCON IV http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm   The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org