On 25 Sep 2001, Stainless Steel Rat wrote:
> Which remains exactly as insecure as before. Ethernet already has several
> authentication mechanisms: MAC address on the adaptor and in the case of
> 802.11b the encryption and authentication keys they use. PPPoE does not
> functionally improve on these in any way, shape or form. It only offers
> the illusion of improved security.
There's only one single encryption key used for an entire network using
WEP. So every time you remove someobdy from the network (students
graduating, employees being fired, etc.) you need to change the key for
everybody. Somewhat impractical, don't you think?
Adaptor MAC addresses can easily be sniffed, although that is a better
solution than encryption - carnegie mellon uses MAC-based access controls.
CMU's netbars (public access wired ethernet stations) are an attempt to
deal with this nicely - you have to telnet to a specific IP address and
log in, and then the router lets you through. Same sort of authentication
as PPPoE - individual usernames and passwords - but you don't have to use
evil protocols like PPPoE.
gopi.
-- This is the Newtontalk mailinglist - http://www.newtontalk.net To unsubscribe or manage: visit the above link or mailto:newtontalk-request_at_newtontalk.net?Subject=unsubscribe
This archive was generated by hypermail 2.1.2 : Wed Oct 03 2001 - 12:02:19 EDT