NoCat – Wireless Network Security

By | January 12, 2004

Wireless technology, with its freedom of flexibility, its low cost equipment, provides a powerful solution to connect large numbers of computers through an air-network without cables. Despite of its advantages, if not treated correctly, wireless technology provides a real threat to wireless-based communities and networks.

As the built-in wireless security mechanism, WEP (Wired Equivalent Privacy) has shown its weaknesses, problems and its disability to provide authentication and data integrity checks, more and more third-party tools where developed in order to bolster wireless networks security.

On of these tools is the open source program – NoCatAuth. Herein, a glimpse at NoCatAuth system as a tool for enhancing wireless networks security is given.

Captive Portals

Captive portals became very popular among wireless community and hotspot operator, since they provide user authentication and resource management solutions. The authentication is usually done via a central authentication server and any connections beyond that server are prohibited.

A captive portal operates in two modes when dealing with wireless infrastructure: a closed captive portal and an open captive portal.

In closed operation mode, a user must supply authentication credentials before an access is granted. In open operation mode, the user must accept the terms of use before an access is granted – this mode is usually deployed in public wireless networks.


NoCatAuth is an open source captive portal, which operates in both modes and designed to provide high-level authentication system for gateways. It’s written in Perl and designed to run under Linux. NoCatAuth is comprised of two major components: a gateway service and an authentication service.

The NoCatAuth authentication service component is responsible for presenting a login prompt and as a middle service between the gateway service and the user. If the supplied credentials match the user database, the authentication service sends a PGP singed message to the gateway service, which can now verify the authenticity of the message. To keep user privacy, the authentication credentials are supplied using an SSL web page.

The gateway service is responsible for blocking any data-flow (except the authentication service) until the user is authenticated. Once the authentication process is completed, data-flow is granted.

NoCatAuth becomes the credential backbone in wireless-based communities and networks. That’s not surprising, due to its minimal requirements and its independence of any specific wireless technology.

Leave a Reply