security solutions for ad-hoc, pre-shared keys & VPN - h
Last Post: March 30, 2005:
The following 4 questions are on my mind about new security solutions:
1. How do the new security solutions (both WPA and 802.11i) deal with ad-hoc networks? Did they specify any criteria to be met for these networks to work?
2. For SOHO networks, are the "pre-shared keys" in TKIP (WPA) the only solution? Maybe because they don't need to have a RADIUS setup?
3. Did any of the new security solutions (both WPA and 802.11i) talk about "how to?" for any VPN type of solutions?
4. Regarding "peer-to-peer" attacks, can it be said that an attack from one access point to another access point is one kind of peer attack? If it is not, then what other kind of peer attack is possible, except an attack between stations?
Any help from experienced network admins...please?
Hi Smith of Toronto:
Background: WPA is the Wi-Fi Alliance pre-release of TKIP and passphrase to replace WEP and WEP key. WPA2 is the Wi-Fi Alliance name for IEEE 802.11i compliance. WPA2 includes TKIP and CCMP encryption and each encryption can be keyed with either a manually shared passphrase or an automated 802.1X/EAP/RADIUS/Directory service.
1. 802.11i goes into great length regarding ad hoc (IBSS) networks.
2. SOHO 802.11i compliant networks may use either manual or automatic key management. Recent advice is that passphrases should be at least 20 characters and not a string of dictionary words.
3. VPN is outside the scope of WPA and WPA2, but can be layered on.
4. I think of peer-to-peer attacks as client station to client station, although a rogue access point may be involved as well.
I hope this helps. Thanks. /criss
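An added example, not part of the original posts: a Python sketch of the passphrase advice in the reply above (at least 20 characters, not a string of dictionary words), together with the standard WPA/WPA2 passphrase-to-key mapping (PBKDF2-HMAC-SHA1 salted with the SSID). The word list, function names and sample passphrases are constructed for illustration.

```python
import hashlib

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"correct", "horse", "battery", "staple", "wireless",
         "network", "home", "office", "password"}
SEPARATORS = " -_."


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)


def is_word_string(passphrase: str, words=WORDS) -> bool:
    """True if the passphrase, minus separators, splits entirely into dictionary words."""
    s = "".join(c for c in passphrase.lower() if c not in SEPARATORS)
    if not s:
        return False
    # reachable[i] is True when s[:i] can be written as a sequence of words.
    reachable = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        reachable[end] = any(reachable[start] and s[start:end] in words
                             for start in range(end))
    return reachable[len(s)]


def check_passphrase(passphrase: str, min_len: int = 20) -> list:
    """Return the list of problems found; an empty list means the advice is met."""
    problems = []
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if is_word_string(passphrase):
        problems.append("string of dictionary words")
    return problems


if __name__ == "__main__":
    # Constructed sample passphrases and SSID.
    for p in ("home network", "correct horse battery staple", "q7Vd-mR2x!Lp9zKe4Tgh#Wb"):
        print(repr(p), check_passphrase(p) or "ok", derive_pmk(p, "ExampleSSID").hex()[:16])
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, but a short or dictionary-based passphrase remains guessable offline whatever the SSID.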