Paranoid Penguin - Securing WLANs with WPA and FreeRADIUS, Part I
If a supplicant is authenticated by way of EAP-TLS or some other encrypted version of EAP, that authentication traffic also is encrypted. But the wireless LAN frames themselves are not; that can't happen until WEP is enabled on the connection between the supplicant system and the access point. As it happens, from the implementor's standpoint, this is the simplest part of WPA. Upon successful authentication, the server, authenticator and supplicant use the Temporal Key Integrity Protocol (TKIP) to negotiate and transmit WEP keys securely for use between the authenticator and the supplicant system. This process largely is transparent: you do not need to configure anything on the server or supplicant for this to work. However, most access points, including hostapd on Linux, can be configured with custom settings for things such as WEP-re-keying interval.
The other thing to remember about TKIP is, as I mentioned earlier, the server is optional. If you've configured your supplicants and authenticator to use pre-shared key (PSK) mode, TKIP still is used to key and re-key WEP encryption dynamically between your supplicant and access point.
That's WPA in a nutshell. Next time, we'll apply these concepts of using FreeRADIUS to create a Linux-based authentication server for WPA. If you can't wait until then to get started, check out the on-line Resources for more information. Be safe!
Resources for this article: /article/8070.
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. O'Reilly & Associates recently released the second edition of his book Linux Server Security (January 2005). Mick also composes industrial polka music, but has the good taste seldom to perform it.
- Readers' Choice Awards 2013
- Mars Needs Women
- RSS Feeds
- Sublime Text: One Editor to Rule Them All?
- December 2013 Issue of Linux Journal: Readers' Choice
- Raspberry Pi: the Perfect Home Server
- IBM Will Minimize Impact of Future Disasters
- Linux Systems Administrator
- Senior Perl Developer
- Technical Support Rep
- Reply to comment | Linux Journal
19 min 19 sec ago
- why is GNOME 3 in the fifth position at 14.1 %?
5 hours 51 min ago
- Sublime Is Brilliant!
10 hours 54 min ago
11 hours 13 min ago
- Rapid[Disk,Cache] better than native ram caching?
11 hours 38 min ago
- Nothing is perfect
11 hours 52 min ago
- Mixtapes Community
17 hours 31 min ago
- KDE is one true DE
18 hours 5 min ago
- Command Line Shells (Bash, Zsh, etc.) are 2nd place
18 hours 33 min ago
20 hours 28 min ago