Re: [OT] DHCP auth&auth software

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



2009/10/19 Marko Vojinovic <vvmarko@xxxxxxxxx>:
> with a form the user is supposed to fill in and send. After he does so, an
> administrator does a sanity check of the data the user provided, and grants or
> denies access. If access is granted, the user gets a new, unrestricted dhcp
> lease, which provides him with a normal access to local network.

Just be aware that, as far as I hear the experts, MAC addresses can be
sniffed off the air even on "protected"/"encrypted" WiFi networks and
so an intruder can find authorised ones. So trusting the MAC address
for authentication is not secure.

The way I hear that this is usually done is to create a VPN tunnel
over the WiFi connection. Legitimate users still have to authenticate
over that VPN tunnel and therefore even a fake sniffed MAC address
won't help an intruder. The VPN also enhances protection of legitimate
traffic.

I never implemented this (neither the WiFi protection nor the MAC
sniffing) so can't testify from personal experience.

Cheers,

--Amos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux