Howie Frisch wrote: > I would be interested to know if this trouble is a result of "sniffing" > 802.11 packets over the air or sniffing what is on the LAN after the AP > (which is far easier). If the sniffing it taking place on the LAN, then > encrypting the air channel will do nothing at all for your case since > the encryption is finished at the AP and the network would put the same > thing onto the LAN with or without encryption. > > Howie
I don't know that LAN sniffing is easier, especially on a switched network; something like Kismet (or the Mac port, KisMAC) can be run by a novice user with no problem to pick up traffic from multiple networks simultaneously. Even Wireshark (formerly Ethereal) can be used this way, if the sniffer machine is already attached to the unencrypted network. --Matt > > ________________________________ > > From: Nathan Hay [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 25, 2007 9:25 AM > To: [email protected] > Subject: [WIRELESS-LAN] Transition from open to encrypted > > > > We've been running our main SSID without encryption to make it easier > for students to connect and to make life easier for our help desk. Not > surprisingly we've started to have problems with students sniffing > packets and capturing the IM passwords, etc of other students. > > > > Because of this, we are working on a plan to make our main SSID > encrypted by the start of next school year. > > > > Does anyone have a recommended scheme for encryption that supports a > wide variety of clients? We have Windows, Mac, Linux, Nintendo Wii, and > many different types of handheld devices on campus. Our wireless > network is Meru. > > > > We don't have any 802.1x experience, but we are willing to learn if that > is where we need to head. We'd like a scheme that makes it as easy for > the client to connect as possible, but still provides a good level of > security. > > > > Any thoughts or suggestions would be appreciated, > > > > Nathan > > > > > > > > > > > > > > > > > > > Nathan P. Hay > Network Engineer > Computer Services > Cedarville University > www.cedarville.edu <http://www.cedarville.edu/> > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > -- Matt Gracie (716) 888-2403 Information Security Administrator [EMAIL PROTECTED] Canisius College ITS 425531N / 0785109W http://www2.canisius.edu/~graciem/graciem_public_key.gpg ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
