Captive portal security



  • I recently read some papers about the authentication of WLAN users through a captive portal,
    and as was written in these papers, a captive portal is something very easy to circumvent using either ARP spoofing or man in the middle,
    because they said that after the client is authenticated, it will be recognized by the captive portal system through its MAC address and IP address.
    So any attacker could use Wireshark or some sniffing tool to get the MAC and IP addresses of the victim, and could make use of them to access the Internet without being authenticated.

    Does anybody know how the captive portal in pfSense is built?
    Which type of redirection does it use? HTTP redirection, IP redirection or DNS redirection?
    What are the necessary security precautions we must use together with the captive portal to make it more secure? For example, must we configure the Snort service on the captive portal interface to enhance security using intrusion detection? What else can we combine with the captive portal to enhance security?

    Thanks for your feedback

    Yaman Amin



  • That question has no relation to captive portals specifically. Ours enforces IP and MAC associations, but whether those are coming from the appropriate system is impossible to determine once traffic reaches that level. Something to ask your wireless AP vendor. For wifi clients, the AP is the only thing that can prevent such things.



  • To gain more security, the first step would be: do not use radio (WiFi, whatever) devices.
    "Cable" everything ….



  • @Gertjan:
    Thanks for your reply. I didn't get you exactly; I am using the captive portal for a WLAN network.
    What do you mean by don't use radio (WiFi, …)? Do you mean as a connection between the access points (APs) and the core network?
    So you mean everything between the AP and the core network should be a cable connection?



  • I am also interested to know whether there are any special firewall rules I can configure to get the best security features in my captive portal WLAN network.
    I decided to deploy Snort; I kindly ask whether there are other packages or rules one can use to enhance security.
    Thanks for the feedback



  • @yaman.amin:

    @Gertjan:
    Thanks for your reply. I didn't get you exactly; I am using the captive portal for a WLAN network.
    What do you mean by don't use radio (WiFi, …)? Do you mean as a connection between the access points (APs) and the core network?
    So you mean everything between the AP and the core network should be a cable connection?

    No.
    Ditch the AP (the 'box' that converts electric signals on a Cat5/6 cable to radio signals) because radio signals can be intercepted, retransmitted, etc. by everybody …
    The physical part of the captive portal function that pfSense offers is nothing more than an "RJ45" connection. Nothing obliges you to use APs ...
    I propose: use secured optical fibre connections. Only then does the transmission become somewhat "secure".

    Using a "captive portal" doesn't mean you should use APs ... that's your interpretation ;)

    Btw: WiFi, but also CPL, Bluetooth, etc. ... if security is an issue, forget about these ..



  • @yaman.amin:

    I am also interested to know whether there are any special firewall rules I can configure to get the best security features in my captive portal WLAN network.
    I decided to deploy Snort; I kindly ask whether there are other packages or rules one can use to enhance security.
    Thanks for the feedback

    Will Snort prevent this kind of event?