Authentication Open vs Shared Key

Posted by Bob Simon on September 12, 2007, 9:17 am
Yesterday I purchased a D-Link wireless print server and set it up. I
followed the instructions in the Quick Install Guide: "Next to
authentication, select Shared Key." The server did not connect to the
Access Point. I phoned up D-Link tech support and to their credit,
they advised me to change this parameter to "Open", which solved the
problem. Unfortunately, the tech support guy was unable to explain
why. I hope someone here can enlighten me.

The Access Point is a Netopia router furnished by the phone company.
It is set up with WEP and a 10 digit hex key. It certainly seems
appropriate to configure the print server authentication to be
"Shared Key." Is the D-Link implementation (and documentation)
defective, or is "Open" actually the appropriate setting?

Posted by Sebastian G. on September 12, 2007, 9:51 am
Bob Simon wrote:

> Yesterday I purchased a D-Link wireless print server and set it up. I
> followed the instructions in the Quick Install Guide: "Next to
> authentication, select Shared Key." The server did not connect to the
> Access Point. I phoned up D-Link tech support and to their credit,
> they advised me to change this parameter to "Open", which solved the
> problem. Unfortunately, the tech support guy was unable to explain
> why. I hope someone here can enlighten me.
>
> The Access Point is a Netopia router furnished by the phone company.
> It is set up with WEP and a 10 digit hex key. It certainly seems
> appropriate to configure the print server authentication to be
> "Shared Key." Is the D-Link implementation (and documentation)
> defective, or is "Open" actually the appropriate setting?


Neither WEP nor "Open Authentication Mode" are appropriate.

Posted by Carl Lewis on September 12, 2007, 9:53 am
Bob Simon wrote:
> Yesterday I purchased a D-Link wireless print server and set it up. I
> followed the instructions in the Quick Install Guide: "Next to
> authentication, select Shared Key." The server did not connect to the
> Access Point. I phoned up D-Link tech support and to their credit,
> they advised me to change this parameter to "Open", which solved the
> problem. Unfortunately, the tech support guy was unable to explain
> why. I hope someone here can enlighten me.
>
> The Access Point is a Netopia router furnished by the phone company.
> It is set up with WEP and a 10 digit hex key. It certainly seems
> appropriate to configure the print server authentication to be
> "Shared Key." Is the D-Link implementation (and documentation)
> defective, or is "Open" actually the appropriate setting?

The simple answer is that the key type is set up on your access point,
so presumably your AP is set to Open and therefore your print server
would also need to be. I have read that Open is more secure; no idea if
this is true or not, I'm afraid. Shared supposedly performs some
authentication using the SSID at the beginning which is vulnerable to
attack.

Posted by Sebastian G. on September 12, 2007, 12:35 pm
Carl Lewis wrote:


> The simple answer is that the key type is set up on your access point,
> so presumably your AP is set to Open and therefore your print server
> would also need to be. I have read that Open is more secure; no idea if
> this is true or not, I'm afraid.


Well, why don't you inform yourself how WEP Open Authentication works?

> Shared supposedly performs some
> authentication using the SSID at the beginning which is vulnerable to
> attack.


Yeah, you could hardly show off more incompetence.

Posted by on September 12, 2007, 6:47 pm
writes:
>Carl Lewis wrote:
>
>
>> The simple answer is that the key type is set up on your access point,
>> so presumably your AP is set to Open and therefore your print server
>> would also need to be. I have read that Open is more secure; no idea if
>> this is true or not, I'm afraid.
>
>
>Well, why don't you inform yourself how WEP Open Authentication works?
>
>> Shared supposedly performs some
>> authentication using the SSID at the beginning which is vulnerable to
>> attack.
>
>
>Yeah, you could hardly show off more incompetence.

If you are using shared key authentication with WEP then you are the
incompetent. Shared key authentication doesn't work and actually makes WEP even
more unsecure than it otherwise is.

See for instance

http://www.networkworld.com/research/2002/0909wepprimer.html

"
Weakness: Authentication messages can be easily forged

802.11 defines two forms of authentication: Open System (no authentication) and
Shared Key authentication. These are used to authenticate the client to the
access point. The idea was that authentication would be better than no
authentication because the user has to prove knowledge of the shared WEP key,
in effect, authenticating himself. In fact, the exact opposite is true: If you
turn on authentication, you actually reduce the total security of your network
and make it easier to guess your WEP key.

Shared Key authentication involves demonstrating the knowledge of the shared
WEP key by encrypting a challenge. The problem is that a monitoring attacker
can observe the challenge and the encrypted response. From those, he can
determine the RC4 stream used to encrypt the response, and use that stream to
encrypt any challenge he receives in the future. So by monitoring a successful
authentication, the attacker can later forge an authentication. The only
advantage of Shared Key authentication is that it reduces the ability of an
attacker to create a denial-of-service attack by sending garbage packets
(encrypted with the wrong WEP key) into the network.

"

and

http://www.cs.nmt.edu/~cs553/pap29.pdf

"
Furthermore, because the same keys are used for shared key authentication and
WEP, when you use shared key authentication and it is compromised you have had
your WEP keys compromised as well, meaning that an intruder could then decipher
all traffic to and from the AP and its clients. Ironically the most secure
setting of this feature is "open authentication", allowing anyone to associate
with your access points, and relying on other methods to handle security.
While removing a layer of security may seem contradictory to making your
network more secure, this particular layer is flawed and hurts far more than it
helps.
"

Having said that, WEP is now broken so easily that unless your devices offer you
no alternative you should be looking at using WPA or WPA2.


David Webb
Security team leader
CCSS
Middlesex University
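
Added example, not part of the original post or the articles it quotes: a toy simulation of the Shared Key handshake described in the Network World excerpt, showing why a passing response does not prove knowledge of the WEP key. The key, IV and challenges are constructed values, the function names are hypothetical, and the CRC-32 ICV that real WEP appends is left out.

```python
# Added example: toy model of 802.11 Shared Key authentication (WEP).
# Key, IV and challenges are constructed; the CRC-32 ICV is omitted.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4 (KSA + PRGA): return n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def station_response(wep_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Station side: encrypt the challenge with RC4(IV || key)."""
    return xor(challenge, rc4_keystream(iv + wep_key, len(challenge)))

def ap_accepts(wep_key: bytes, iv: bytes, challenge: bytes, response: bytes) -> bool:
    """AP side: decrypt the response and compare it with the challenge sent."""
    return xor(response, rc4_keystream(iv + wep_key, len(response))) == challenge

def demo():
    key = bytes.fromhex("0123456789")   # constructed 10-hex-digit WEP key
    iv = b"\x00\x00\x01"                # chosen by the station, sent in clear
    c1 = bytes(range(128))              # challenge, sent in clear by the AP
    r1 = station_response(key, iv, c1)  # encrypted response, also on the air
    # Challenge and response are both visible to a passive listener, and
    # their XOR is the keystream for this IV. The key itself is never needed.
    observed = xor(c1, r1)
    c2 = bytes(reversed(range(128)))    # a later, different challenge
    reply = xor(c2, observed)           # built only from observed data
    keystream_exposed = observed == rc4_keystream(iv + key, 128)
    return keystream_exposed, ap_accepts(key, iv, c2, reply)

if __name__ == "__main__":
    print(demo())
```

Because the AP accepts any reply that is consistent with a previously observed IV, the handshake adds no protection, which matches the advice above to leave authentication on Open and move to WPA or WPA2 where the devices support it.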
