Paranoid Penguin - Securing WLANs with WPA and FreeRADIUS, Part I
If a supplicant is authenticated by way of EAP-TLS or some other encrypted version of EAP, that authentication traffic also is encrypted. But the wireless LAN frames themselves are not; that can't happen until WEP is enabled on the connection between the supplicant system and the access point. As it happens, from the implementor's standpoint, this is the simplest part of WPA. Upon successful authentication, the server, authenticator and supplicant use the Temporal Key Integrity Protocol (TKIP) to negotiate and transmit WEP keys securely for use between the authenticator and the supplicant system. This process largely is transparent: you do not need to configure anything on the server or supplicant for this to work. However, most access points, including hostapd on Linux, can be configured with custom settings for things such as WEP-re-keying interval.
The other thing to remember about TKIP is, as I mentioned earlier, the server is optional. If you've configured your supplicants and authenticator to use pre-shared key (PSK) mode, TKIP still is used to key and re-key WEP encryption dynamically between your supplicant and access point.
That's WPA in a nutshell. Next time, we'll apply these concepts of using FreeRADIUS to create a Linux-based authentication server for WPA. If you can't wait until then to get started, check out the on-line Resources for more information. Be safe!
Resources for this article: /article/8070.
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. O'Reilly & Associates recently released the second edition of his book Linux Server Security (January 2005). Mick also composes industrial polka music, but has the good taste seldom to perform it.
- Readers' Choice Awards 2013
- Linux Kernel News - November 2013
- Mars Needs Women
- December 2013 Issue of Linux Journal: Readers' Choice
- RSS Feeds
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- Advanced Hard Drive Caching Techniques
- Web Administration Scripts
- IBM Will Minimize Impact of Future Disasters
- thanks for share, great
3 hours 17 min ago
- There are factors which are
8 hours 17 min ago
- Gnome 3 ?
9 hours 2 min ago
- Reply to comment | Linux Journal
13 hours 9 min ago
- "Redis RethinkDB 4.5%" on Best NoSQL Databases
23 hours 15 min ago
- on the ground
1 day 5 hours ago
- I was able to read the whole
1 day 7 hours ago
- since i have read the title i
1 day 10 hours ago
- Belanja Online Cari Voucher Diskon
1 day 10 hours ago
- The kernel doesn't really
1 day 22 hours ago