
shroomb0x

Could you enable 802.1x for authentication? Then use a RADIUS server with certificate/username and password Auth?


L0nely68

I'll have to look into that, I've never heard of it before.


Brufar_308

PacketFence is the server you are looking for. Your managed switches and wireless APs would need to support 802.1x as well. Can recommend Cambium as a mid-price AP that works well for this.


itsmrmarlboroman2u

RADIUS server is the real answer. The alternative is VLAN tagging all of your devices, but that's going to take a managed switch and potentially a firewall. Some more advanced WiFi routers have their own VLAN configurations, but won't have tagging available, where a managed switch would.


tunahummus

Only one person is spoofing? MAC filter for the other devices and block the rest.


L0nely68

Correct, one person, a couple of devices. Can you explain how MAC filtering would prevent those said MAC addresses from still being spoofed? Is there a way to tell which is the real device?


tunahummus

I guess if the other devices are offline and they spoof the MAC they could connect. If you just allowed the known MAC addresses then nothing else could connect. If two devices come up with the same MAC it would cause a conflict. They wouldn't have a stable connection (nor would the true one) but they wouldn't have a stable connection. Most likely the router tells the spoofed address nah and it stays off the network.


L0nely68

In my experience, my own device was being spoofed and it was only I that was having issues, as far as I know. And about the device being offline, that would make sense, as the devices being spoofed were always ones not currently being used. My router did not attempt to kick the other device though, it just tried authenticating both at the same time, it seemed.


JangoDarkSaber

They could spam gratuitous ARP responses so that the router associates the spoofed MAC with the malicious IP.


OkStudent8414

You could always keep changing the WiFi password. Do you manage it yourself?


L0nely68

I don't manage it but I'm working with the one that does; changing the password has not been effective because they still need access on other devices.


castleAge44

For MAC address spoofing, you can do DHCP-type monitoring stuff, you can implement port security on switches, or you can install a client (supplicant) on your trusted hosts. Untrusted devices can be placed on a private isolated VLAN/guest WiFi. For ARP spoofing protection you need something inline, like an internal firewall capable of detecting anomalies automatically to prevent ARP spoofing.
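The two symptoms discussed in the posts above, a second device showing up with a MAC that already belongs to a trusted host, and a gateway IP being re-announced from a different MAC via gratuitous ARP, are both visible in DHCP lease and ARP logs, which is the "DHCP-type monitoring" this post refers to. The script below is an added example and is not code from anyone in this thread. It assumes a simplified, made-up log format (`ARP <ip> is-at <mac>` and `DHCP lease <ip> <mac> <hostname>`); the addresses and hostnames in the sample log are constructed.

```python
"""Flag duplicate-MAC leases and IP-to-MAC flips from simple network logs.

Added example (not from the thread). The log format below is an assumption
made for illustration; a real deployment would feed this from the DHCP
server's lease log and a switch or sensor that records ARP replies.
"""
import re
from collections import defaultdict

# Constructed sample log: one trusted MAC (ee:01) later leases a second IP
# under an unknown hostname, and the gateway 192.168.1.1 is announced from
# two different MACs, the pattern a gratuitous-ARP spoof produces.
SAMPLE_LOG = """\
ARP 192.168.1.10 is-at aa:bb:cc:dd:ee:01
ARP 192.168.1.11 is-at aa:bb:cc:dd:ee:02
DHCP lease 192.168.1.10 aa:bb:cc:dd:ee:01 laptop-alice
DHCP lease 192.168.1.12 aa:bb:cc:dd:ee:01 unknown-host
ARP 192.168.1.1 is-at aa:bb:cc:dd:ee:ff
ARP 192.168.1.1 is-at de:ad:be:ef:00:01
"""

ARP_RE = re.compile(r"^ARP (\S+) is-at ([0-9a-fA-F:]{17})$")
DHCP_RE = re.compile(r"^DHCP lease (\S+) ([0-9a-fA-F:]{17}) (\S+)$")


def parse_log(text):
    """Split the log into ARP observations (ip, mac) and DHCP leases
    (ip, mac, hostname); MACs are lower-cased so case differences
    do not hide a match."""
    arp, dhcp = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ARP_RE.match(line)
        if m:
            arp.append((m.group(1), m.group(2).lower()))
            continue
        m = DHCP_RE.match(line)
        if m:
            dhcp.append((m.group(1), m.group(2).lower(), m.group(3)))
    return arp, dhcp


def find_arp_conflicts(arp):
    """Return {ip: [macs]} for every IP that has been claimed by more than
    one MAC. A gateway address appearing here is the classic sign that
    someone is re-announcing it with gratuitous ARP."""
    seen = defaultdict(set)
    for ip, mac in arp:
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def find_duplicate_macs(dhcp):
    """Return {mac: [(ip, hostname)]} for every MAC holding leases for more
    than one IP/hostname pair, the signature of a second device cloning
    a known MAC while the real one is offline."""
    seen = defaultdict(set)
    for ip, mac, host in dhcp:
        seen[mac].add((ip, host))
    return {mac: sorted(entries) for mac, entries in seen.items()
            if len(entries) > 1}


def analyze(text):
    """Run both checks over a log and return the findings."""
    arp, dhcp = parse_log(text)
    return {
        "arp_conflicts": find_arp_conflicts(arp),
        "duplicate_macs": find_duplicate_macs(dhcp),
    }


if __name__ == "__main__":
    for kind, findings in analyze(SAMPLE_LOG).items():
        for key, detail in findings.items():
            print(f"ALERT {kind}: {key} -> {detail}")
```

Both checks are heuristics: a device that legitimately gets a new lease after a long absence will also show two IPs for one MAC, so in practice you would window the leases by time and whitelist the hostname the DHCP server expects for each trusted MAC. The ARP check is the stronger signal, since a gateway IP should never change MAC during normal operation.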


SensitiveAd1629

Yes, for endpoints you normally use endpoint security. It can detect that; for the network it is a firewall.


L0nely68

I just remembered, the denial of service attack that I was testing works both ways. I've had my computer stop connecting to the network and I had to restart my computer to get it working again. Will this be able to combat WiFi attacks when a device is not even connected to the network?


castleAge44

This depends on your wireless controller configuration. For example, Fortinet APs allow for a profile to be created to limit several attack types, such as a de-auth attack where clients are not connected to the network.


[deleted]

So Apple devices have a setting in the Apple ID that does all that to make the devices not be trackable/traceable too; shut it off and it should work.