I have a project; I'm going to leave some pieces obscure, not because I think the people who would get enflamed won't immediately recognize it, but because I want the people who are unlikely to get enflamed to stay engaged to the end... Please don't just redirect me to r/AmateurRadio; They can't help me.
I want to set up a wide area, high speed wireless network; It's really a LAN, in the sense that it's a (Relatively) small number of users, connected directly to each other, sharing a small set of local (To the network) resources... But it's geographically dispersed among nodes across, say, a county. High RF power limits and custom engineered antennas are allowed by our regulatory licensing, so I'm thinking an access point on a pole on a hilltop... Ubiquiti Networks and the like have radios that seem to meet the performance requirements I seek... But, really, any hardware provider that gets the really obscure combination of protocols I need would be amazing:
However, while regulatory licensing allows high power and fancy antennas, it prohibits Codes and ciphers for the purpose of obscuring the meaning of the message... In other words, we are prohibited from protecting ourselves from eavesdropping.
However, access control is important for a number of reasons, primarily in the form of preventing the Access Point from transmitting packets on the behalf of unauthorized users. In other words, ANYONE can LISTEN to our network... But only authorized users can TRANSMIT.
Other attempts at solving my problem have either argued that the PURPOSE isn't to obscure the meaning, the PURPOSE is to control access to the network, therefore encryption IS allowed - Use WEP, publish the encryption key publicly, that way anyone can fire up Promiscuous mode and have their fun... But that really doesn't prevent transmitting even in the best case scenario.
Others argue that we have a regulatory obligation to prevent unathorized access, that such a requirement mandates best security practice, and since it's "Not the purpose to obscure the meaning," fire up WPA2...
BUT, it's NOT the PURPOSE of encryption to authenticate the users in the first place... That's 802.1x' job. Once authenticated, we really don't need anything more than some sort of ability to hold the authorized port open...
SO, long ass background out of the way: Is it possible to use 802.1x to authenticate users and authorize access to the WiFi port, WITHOUT using any form of Layer 2 encryption, on any standards-compliant wifi hardware?
No comments:
Post a Comment