Netgate Discussion Forum

    How secure is Captive portal?

    Captive Portal
    spd21

      Hi All,

      Prelude

      A little while ago I was tasked with deploying secure WiFi.

      Soon after, I came to the realisation that there are only 2 ways you can go with this:

      Wifi + SSL authentication
      Wifi + Captive portal (CP)

      SSL authentication does not fit my specification, so I had to go captive portal > pfSense.

      My implementation is now complete. I have WiFi gateways that authenticate clients via CP, with a RADIUS server pointed to AD. So all my WiFi traffic is routed through pfSense and thus LAN services can be firewalled.
      Security is managed in 3 ways.

      1. Wifi Association
      2. CP Authentication
      3. Access restriction (Firewall)

      Question:

      In my understanding, when a client authenticates with CP, its MAC address is added to a list of allowed addresses through CP. But if I can associate with a network, I can ARP for MACs and spoof my MAC. What then?

      Thank you.

      cmb

        It's as secure as you're going to get at the gateway level. Your infrastructure at layer 2 (switch and/or AP) has to handle any other bad things that people try to do as that's beyond the firewall's control.

        capnsteve

          @cmb:

          It's as secure as you're going to get at the gateway level. Your infrastructure at layer 2 (switch and/or AP) has to handle any other bad things that people try to do as that's beyond the firewall's control.

          +1 - Get better switches

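Added example, not part of the thread and not pfSense code: a gateway-side check that compares captive portal sessions against the ARP table to flag an authenticated MAC answering for a second IP, or an authenticated IP that now resolves to a different MAC. It assumes FreeBSD-style `arp -an` output and a hypothetical session list of (user, ip, mac) tuples; all sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: FreeBSD-style `arp -an` output as seen on the gateway.
ARP_OUTPUT = """\
? (10.0.0.21) at 3c:22:fb:10:aa:01 on em1 expires in 1180 seconds [ethernet]
? (10.0.0.22) at 3c:22:fb:10:aa:02 on em1 expires in 900 seconds [ethernet]
? (10.0.0.57) at 3c:22:fb:10:aa:01 on em1 expires in 1195 seconds [ethernet]
? (10.0.0.23) at 3c:22:fb:10:aa:09 on em1 expires in 30 seconds [ethernet]
? (10.0.0.30) at (incomplete) on em1 expired [ethernet]
"""

# Constructed sample (hypothetical format): portal sessions recorded at login.
SESSIONS = [
    ("alice", "10.0.0.21", "3C:22:FB:10:AA:01"),
    ("bob", "10.0.0.22", "3c:22:fb:10:aa:02"),
    ("carol", "10.0.0.23", "3c:22:fb:10:aa:03"),
]

ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17}) on (\S+)")

def parse_arp(text):
    """Return {ip: mac} from arp -an output, skipping incomplete entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(sessions, arp):
    """Compare portal sessions with the live ARP table."""
    ips_by_mac = defaultdict(set)
    for ip, mac in arp.items():
        ips_by_mac[mac].add(ip)
    findings = []
    for user, ip, mac in sessions:
        mac = mac.lower()
        extra = sorted(ips_by_mac[mac] - {ip})  # same MAC on another IP
        if extra:
            findings.append(("mac_on_other_ip", user, mac, extra))
        seen = arp.get(ip)  # session IP now answered by a different MAC
        if seen and seen != mac:
            findings.append(("ip_changed_mac", user, ip, seen))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SESSIONS, parse_arp(ARP_OUTPUT)):
        print(finding)
```

A device that copies both the IP and the MAC of an authenticated client produces no mismatch here, which is why the replies point to switch and AP controls at layer 2.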