Paranoid Penguin - Securing WLANs with WPA and FreeRADIUS, Part I
If a supplicant is authenticated by way of EAP-TLS or some other encrypted version of EAP, that authentication traffic also is encrypted. But the wireless LAN frames themselves are not; that can't happen until WEP is enabled on the connection between the supplicant system and the access point. As it happens, from the implementor's standpoint, this is the simplest part of WPA. Upon successful authentication, the server, authenticator and supplicant use the Temporal Key Integrity Protocol (TKIP) to negotiate and transmit WEP keys securely for use between the authenticator and the supplicant system. This process largely is transparent: you do not need to configure anything on the server or supplicant for this to work. However, most access points, including hostapd on Linux, can be configured with custom settings for things such as WEP-re-keying interval.
The other thing to remember about TKIP is, as I mentioned earlier, the server is optional. If you've configured your supplicants and authenticator to use pre-shared key (PSK) mode, TKIP still is used to key and re-key WEP encryption dynamically between your supplicant and access point.
That's WPA in a nutshell. Next time, we'll apply these concepts of using FreeRADIUS to create a Linux-based authentication server for WPA. If you can't wait until then to get started, check out the on-line Resources for more information. Be safe!
Resources for this article: /article/8070.
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. O'Reilly & Associates recently released the second edition of his book Linux Server Security (January 2005). Mick also composes industrial polka music, but has the good taste seldom to perform it.
- Readers' Choice Awards 2013
- Mars Needs Women
- RSS Feeds
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- December 2013 Issue of Linux Journal: Readers' Choice
- IBM Will Minimize Impact of Future Disasters
- Tech Tip: Really Simple HTTP Server with Python
- Linux Systems Administrator
- Senior Perl Developer
33 min 38 sec ago
- This should be very helpful
1 hour 47 min ago
- As much as I share your point
4 hours 7 min ago
- So girls had it better ?
7 hours 38 min ago
- Reply to comment | Linux Journal
7 hours 59 min ago
- why is GNOME 3 in the fifth position at 14.1 %?
13 hours 31 min ago
- Sublime Is Brilliant!
18 hours 34 min ago
18 hours 53 min ago
- Rapid[Disk,Cache] better than native ram caching?
19 hours 18 min ago
- Nothing is perfect
19 hours 31 min ago