802.1x Secure Implementation

[compton]

Hopefully, with OS X 10.3 Panther, Apple is planning on implementing the new secure WiFi standard, 802.1x, into the OS. As far as I know, Windows XP is the only OS to do so, and for other OSes, you must pay a high price for a software client that will allow you to login to Secure Wireless networks.

If anyone knows if this implementation is planned or not, or how to lobby such an effort, please let me know.

 

[symphonix]

I think it is already implemented. The airport info page says:
Security
- Wireless security (WEP) configurable for 40-bit and 128-bit encryption
- MAC address filtering
- NAT firewall
- Support for RADIUS

RADIUS is the authentication server used by 802.1x. I think that means Airport already supports the 802.1x initiative.

 

[compton]

I know for a fact that under OS X 10.2 you have to intsall a 802.1x client. A lot of major universities are moving to this standard, which isn't even compatible with previous Mac OSes. But, even with that OS X 10.2 requires a client to work with the new WiFi Secure Standard. Also, from what I've heard, 802.1x is the next secure standard above WEP. But then again, im not exactly positive.

 

[nox]

I wanted to change the Airport WEP security at our School District, using Radius Server. What I found was OpenRadius and FreeRadius. From what I understand and still trying to get a definite answer, is that the Radius support that comes with Airport Extreme only Authenticates MAC Addresses and not User Name and PAsswords. In my opinion All Airport Base stations already come with ID Authentication thats base on MAC addresses why reinvent the wheel.

 

[fryke]

Simple answer? Because you can spoof MAC addresses quite easily. The problem is that if services start using the technology and Mac OS X cannot access such networks out of the box - but WinXP boxes _can_ - this is a problem. Apple should - if possible - just add the thing.