Possible 802.11i/WPA support to come for OpenBSD

The following comment was noticed in OpenBSD's plus.html page (documenting changes to -current):

Implement the Michael MIC as defined in IEEE 802.11i for TKIP. This generates a weak 64-bit digest protected by an additional key - required for future IEEE 802.11i/WPA support.

OpenBSD's wifi support has grown and improved at a rapid pace over the last couple of years. We have seen clean, unencumbered driver support for a large number of wireless chipsets and the "Host Access Point daemon", hostapd(8). One component that has been missing is support for the Wi-Fi Alliance's WPA security implementation. OpenBSD developers have been noted as calling the newer wireless security models overengineered and needlessly complicated, instead encouraging users to rely on mature wireless security based on tools like AuthPF + IPsec. Nonetheless, demand for WPA keeps growing, especially in light of support in other Unix-like platforms such as Linux and FreeBSD. IEEE 802.11i is the newest wireless security standard and is called WPA2 by the Wi-Fi Alliance.

Keep an eye on OpenBSD's development and work on an 802.11i/WPA implementation. Although it may be a latecomer on the scene, it is bound to be of the same high quality and reliability that we have come to expect from the project.

WPA as of OpenBSD 4.1

Since searches for OpenBSD and WPA frequently end up here, I thought I'd post a little update.

It's not there.

It seems that none of the developers are thrilled with WPA as a security solution (understandably), and none of the developers have a pressing need to use WPA (lucky, lucky). Of the people who want it really bad, it seems none of them are willing to fund development, take up a collection to fund development, develop or port WPA code, or get a developer interested in any other way.

Another WPA Update

See the Work on WPA article on the OpenBSD Journal.

WPA required in the workplace?

At least one of the postings on undeadly.org referred to WPA being required in *some* workplaces. I work out of my home, so I am not familiar with that, but I have been under the impression that WEP is still considered the scheme of choice in most workplaces; due, if for no other reason, to the widespread availability of WEP-enabled WiFi products. Does anyone have any first-hand experience of WPA being required in the workplace?

Thanks,

Joe

Yep, required commonly

All three of the companies I've worked IT for in the last 5+ years have had a mandatory WPA security policy.

When it comes to wireless security, options are limited. There's WEP, which is a trivial joke, tunneling 802.11 traffic over a VPN solution (e.g. IPsec or OpenVPN, etc.), or WPA / 802.11i (RSN). As a ratified standard for wireless security, and having gained a lot of popularity by interim security certifications from Wi-Fi Alliance, WPA moved forward mainly because it's kind of silly to have to manage VPN infrastructure for wireless communications.

My last company standardized on Cisco WAPs and migrated from the proprietary (and weak) LEAP protocols to the 802.11i EAP-FAST solution (also Cisco-centric) which utilized two-factor authentication using X.509 certs and LDAP authentication. With an internal PKI and directory services established, it was an easy fit.

My current company utilizes another 802.11i flavor that works similarly, although a tad more open standards based. The previous solution was IPsec-VPN based. This is much easier to deploy and maintain, and easier for users to use.

Note that WPA is usually used in a vague sense to mean the wireless security that came after WEP; in reality WPA1 and WPA2 are separate, with WPA providing only a subset of the security mechanisms that 802.11i provides (WPA2 is the "official" 802.11i specification, but the Wi-Fi Alliance name for it rather than the IETF's or whatever).

For the record, FreeBSD has a full 802.11i (WPA/WPA2) implementation in recent releases.