On 29 Nov 2005 21:02:44 -0800, "Jac" <(E-Mail Removed)> wrote:
>In my (limited) experience with wireless bridges, as far as I'm aware,
>WEP is the only encryption allowed as WPA won't work because it
>requires direct connection to the client.
Not exactly. WPA was originally intended as a temporary repair job
for the deficiencies of WEP. Its implementation was designed to NOT
require any hardware modifications or protocol extensions. The theory
was that WPA2 with AES encryption would require a dedicated chip for
crunching the encryption. Well, processors became sufficiently
powerful to do it all in software, so that prediction didn't exactly
work. However WPA took so long to be implemented that the extensions
crept into the spec. 802.1x authentication (e.g. RADIUS) does require
an external server and might cause problems with a point to multipoint
bridge. However WPA-PSK (pre-shared key) does NOT require an external
server and could easily be implemented in a point to multipoint bridge
as all the keys are the same. A few bridge products do this. Why the
majority of the cheap bottom of the line products do not allow just
WPA-PSK seems to reek of a bug, implementation error, or just plain
cluelessness where they can't seem to distinguish between the assorted
authentication schemes and just plain WPA-PSK.
>I know MAC filtering can be spoofed easily so where does this lead
>bridging as a possible secure way of linking multiple branches?
>
>Is there another alternative that has a higher level of security using
>standard 802.11 gear?
Nope. WPA-PSK is "good enough".
Are you looking for products that support WPA-PSK in bridge mode?
There are quite a few listed that specifically do NOT support WPA in
bridge mode. However, using Google and searching for "WPA-PSK point
to point bridge" I find:
http://www.3com.com/products/en_US/d...3CRWEASYG73-US
as a suitable example of one that does support WPA-PSK. I'm sure
there are others. However, read the manual carefully before buying.
WPA-RADIUS and 802.1x will surely not work in point to multipoint
mode, but WPA-PSK should.
--
Jeff Liebermann
(E-Mail Removed)
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
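
The point in the reply above that WPA-PSK needs no external server because every bridge endpoint holds the same key can be checked offline. The following is an added example, not part of the original post: it uses the standard WPA-PSK passphrase-to-key mapping (PBKDF2-HMAC-SHA1 salted with the SSID) and flags any node whose settings would derive a different key. The function names, node names, SSID and passphrase are hypothetical, constructed for illustration.

```python
import hashlib
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK master key locally, with no server involved."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # A 64-hex-digit value is already the raw 256-bit key, not a passphrase.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def mismatched_nodes(nodes: dict) -> list:
    """Return names of bridge nodes whose derived key differs from the majority."""
    keys = {name: wpa_psk(pw, ssid) for name, (ssid, pw) in nodes.items()}
    values = list(keys.values())
    reference = max(set(values), key=values.count)
    return sorted(name for name, key in keys.items() if key != reference)


# Constructed sample: one root bridge and three branch bridges (hypothetical).
SAMPLE_NODES = {
    "root":     ("branch-link", "correct horse battery"),
    "branch-a": ("branch-link", "correct horse battery"),
    "branch-b": ("branch-link", "correct horse battery"),
    # The SSID is the salt, so a case difference alone yields a different key.
    "branch-c": ("Branch-Link", "correct horse battery"),
}

if __name__ == "__main__":
    for name in mismatched_nodes(SAMPLE_NODES):
        print(f"{name}: derived key does not match the other bridge nodes")
```

Because the SSID is mixed into the key, a bridge node can fail to associate even when the passphrase was typed correctly.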