[CentOS] RADIUS

Fri Mar 2 17:51:31 UTC 2018
Stephen John Smoogen <smooge at gmail.com>

On 2 March 2018 at 12:07, hw <hw at gc-24.de> wrote:

>>
>> Oh yeah. Who ever gave you those marching orders needs to talk with
>> all kinds of lawyers... even researching for it might be problematic
>> in some countries due to a multitude of laws. You are walking out of
>> setting up a wireless environment into full-scale surveillance.
>
>
> That´s not my problem to solve, but think about it:  You can get a lot more
> information using CCTV cameras, and those are everywhere.  Unfortunately,
> nobody cares, and it´s not like you have a choice.  So why would there
> be any legal issues?
>

1) Devices which omit radio frequency wavelength radiation are covered
by different laws and agencies than those which emit light based
radiation. This means that the agency that says you can put in a cctv
may not be the same as the one that allows you to put in a RF sensor.
2) There are laws using where monitoring of the public can happen and
where the monitoring devices can be placed and what information can be
kept on them. These are covered from everything from local to EU laws.
The laws can also be conflicting and need careful consideration.
3) Depending on the location this occurs, it is your problem to bring
up if you are aware that it could be a problem. The "I was only
following orders" defense has been thrown out for people and the
engineers/custodians who put the stuff in were found liable for
damages as much as the boss who said to do it.

That is all I am going to say on this as it is up to your location and
situation. Other people coming into this conversation years later will
be on different laws and rules.

>> That said, what you are looking for is not going to be accomplished
>> with simple radius without a large amount of development. It is also
>> going to need a lot of wireless sensors running at different
>> frequencies through out the building. Most of that is done usually
>> with special commercial hardware/software and falls outside of scope
>> of this list by a mile.
>
>
> RADIUS would only be a tool to use for authentication and perhaps
> accounting.

Depending on the hardware used. If the hardware bought only works with
AD, RADIUS isn't going to help at all.

> Figuring out where users are is an entirely different problem.
>
>> RADIUS may be something that is done with all of this but only far way
>> back in the chain of tools needed. It might be something that the
>> specialized hardware, scanners, sensors, etc might tie into if they
>> don't have their own specialized tool. Worrying about it before those
>> are researched, etc is to use an English idiom: putting the cart
>> before the horse.
>
>
> I´m surprised that wireless access point controllers, by default, do not
> use the strength of the signal received from a device by three or more
> access
> points to simply triangulate the position of the device.  Of course, you
> only get the positions of devices relative to access points, but once you
> have that, you only need to use a map of the place that shows all the access
> points and the positions of devices relative to them to figure out where
> everyone is.
>
> That´s a rather simple thing to do, isn´t it?  Some documentation of HPs
> MSRs
> stated that the controller can distribute the wireless devices between
> access
> points to even out the bandwidth, and if it can do that, it could as well
> distribute them for triangulation.
>

It isn't. Wireless is much noisier and uses longer wavelengths than
light. It is like walking through a hall of mirrors with sunglasses
on. You are only able to see certain things, lots of things reflect,
everything within sensor range which is broadcasting is showing up
even if it is a different SSID, and a ton of other items. This means
that where you might only need 2 sensors for light, you need dozens to
hundreds for radio waves. However the more sensors you have, they also
may reflect, rebroadcast, dampen, ghost echo signals. Then you have
the fact that RF is absorbed by water and people are giant bags of
water. You need to put sensors at different heights, etc etc.

This is where the 3rd parts hardware and software comes in. You need
to map the empty room, map the room with noise, map the room with
people in it without sensors and then map the room with how you want
it to work. The software then does a huge data dump and lots of
Fourier transforms and trig to figure out where a 'live' feed may look
like. You still have to go in and massage it at times because all it
takes is some metal object being walked through the room and it is all
off for N minutes.

In any case, this is a different problem and completely tangential to
either CentOS or RADIUS.

-- 
Stephen J Smoogen.