View Full Version : airport security

Dec 21, 2004, 02:08 PM
my school gave me the new 12" 1.2ghz ibook for work but i cant use the airport cause my school disconnected the airport basestation
so when i need to go on the network i have to cary ethernet cables everywhere i go
when i asked why this year they disconnected it they said because of security issues
i want to convince them to plug it back in so my question is what are potential security issues and can they be eliminated

Dec 21, 2004, 02:59 PM
i want to convince them to plug it back in so my question is what are potential security issues and can they be eliminated

Your school is right in one way that Wi-fi is not secure - just yesterday on Slashdot there was a story about a new tool that can crack the most common Wi-fi security (WEP) in seconds. However you don't need to use WEP - there is a far better and more secure wi-fi security called WPA.

OS X and the Airport chipset driver support WPA (Wifi protected access) really well. Windows XP computers do support it too, but may require a firmware update (and XP Service Pack 2 helps).

WPA has two modes, Personal and Enterprise. Personal is fine for your home network where there's only a couple of devices on the network. For your school, they should be looking at the Enterprise mode. This requires what's known as a RADIUS server. It's an authentication server that changes your WPA 'key' automatically every few minutes. This makes it almost impossible to crack (unless someone is trying to break into your school network with a quantum computer, but hey, if they can do that you should probably just give them an award for being able to program the damn thing - [edit: BTW, I am just being sarcastic here, the quantum computer hack is not realistic]).

You can build a RADIUS server fairly easily. Some RADIUS software is free, see here (http://tldp.org/HOWTO/8021X-HOWTO/index.html) for a good how-to on setting up the free server.

So, there is no real reason why your school can't provide secure wireless access. They may not want to deal with the radius server, as the free one runs on linux. There is one that runs on OS X here (www.rdxserver.com) - it's not free, but is priced pretty reasonably. If your school is a Mac shop, they probably have a spare box in the back of a cupboard they can use to run it.

So go an convince them! Your school IT guy/s might even be keen to try out the radius server (more kit to play with...everyone loves that).

Good luck!

Dec 21, 2004, 03:06 PM
If this district/school is anything like the one my wife works for, then

"Wifi is not secure" = "We have no idea how to lock down the network, let alone hire someone who might since we don't have the money to pay a decent salary and no geek in his right mind wants to work for $20K/year managing a schools network. Therefore we will refuse to keep with today's technology and keep our out-of-date infrastructure and preach to parents and community members how important technology is in the learning process."

Couldn't resist.