Slashdot Mirror

Sommelier writes "As reported by KATU in Portland, Oregon, a man was arrested for parking outside a coffee shop in nearby Vancouver, Washington, and using their open wireless AP — for three straight months. '"He doesn't buy anything," Manager Emily Pranger says about the man she ended up calling 911 about. "It's not right for him to come and use it."' Turns out the guy was a registered sex-offender as well." A different computer expert might have pointed out some ways to see if anyone is piggybacking on a wireless signal (many APs have a Web-interface client list), or even suggested something like NoCatAuth.

Rob Flickenger writes "This month's freely downloadable SeattleWireless TV show is out. Continuing with the Big Brother theme, Drew from WiFimaps.com interviews Special Agent Tom Grasso of the National Cybercrime, Forensics, and Training Alliance (at the FBI) about wardriving and wireless. This episode also features Gerry Curry's deployment of wireless in the rural Nova Scotia, Canada, and Danny Dinneen from Ireland introduces the Cork Wireless community network project. The show is downloadable in Windows Media, RealMedia, and BitTorrent MPEG formats."

Rob Flickenger writes "This month's SeattleWireless TV show reveals how the Yakima County Police have built a wireless infrastructure using Cisco Aironet products. Utilizing omni and directional antennas, they cover 650 sq miles with just 8 access points. There is also a segment on the NzWireless group's wireless treasure hunt, where users roamed around the city plotting hidden access points set up for the hunt." Note the bittorrent link.

Michael Pierce writes "SeattleWireless TV has done it again! This months SeattleWireless TV show features an Interview with Rob Flickenger the inventor of the pringles cantenna and co-author of Nocat, an open source wireless captive portal. Then we have a chance to hear from Risto Koiva about his remote controlled helicopter with a 2.4ghz installed camera and gps unit, learn about the Personal Telco Project out of Portland, Oregon and finally a product review on the new WatchGuard SoHo 6 wireless firewall. Download the Mpeg version here or Watch the Windows Media Stream here, or the RealPlayer stream here."

Rob Flickenger writes "While poking around on the Linksys WRT54G (one of the new Linux 2.4.5 based APs) at a SeattleWireless Hack Night session, we noticed a number of binaries in their firmware (including Zebra, PPP 2.4.1, and iptables to name three) that are released under the GPL, some of which are obviously modified. The question is, where is the source code to Linksys' modifications? Their "GPL Code Center" has the packages, but they are the pristine distributions, without any changes whatsoever. I've asked Linksys for clarification, but given Linksys' customer service reputation, I highly encourage other interested parties to ask them as well. More details are up on my weblog on oreillynet.com."

cascadefx writes "O'Reilly's Hacks page has a really great article about a wireless access point that was on display at the recent Emerging Technology Conference. The folks at NoCat.net rigged up a Siemens Speedstream series access point with a low power ultraviolet light to create a wireless lightbulb. Just screw it in place and combine powerline ethernet with a wireless network... and a light, to create a wireless lightbulb. Ubiquitous networking, here we come."

belial writes "The FreeNetworks Conference is in less than a month (June 6-8). If you want to find out what's happening in the Community Wireless Network world, this is the place to be. Keynotes include Tim O'Reilly, Cory Doctorow from BoingBoing, and a whole gaggle of wireless geeks from the FreeNetworks community. Find out about the latest happenings from BAWUG, Consume, NoCat, NYCWireless,SeattleWireless, WirelessLeiden, and more!"

JadeSky writes "Having played around with wireless networking at home a little bit, and then being faced with implementing a wireless network at the office for the purposes of in-house customer training in a cosmetically clean room (wires are ugly), I had been thinking for some time about the best way to implement a secure wireless networking solution. Amusingly enough, shortly after the idea of a wireless network at the office came up, I managed to win 802.11 Security in a raffle at the Kernel Panic Linux Users' Group monthly meeting. The book was thoughtfully donated (with a few others) by O'Reilly on the condition that the recipients contribute reviews. Since I've found the book genuinely helpful, I thought I'd let others know, and hence, my first Slashdot book review. Hooray!" This book emphasizes a multi-layer approach to wireless security; read on for more of JadeSky's review. 802.11 Security author Bruce Potter and Bob Fleck pages 192 publisher O'Reilly rating very good reviewer Gregory Ruiz-Ade (JadeSky) ISBN 0596002904 summary Securing wireless networks

With the amazing proliferation of wireless networks these days, there seems to be constant churning about how best to secure them, while at the very same time, barely anybody is actually doing anything about it. Potter and Fleck have offered up this little book, 802.11 Security, as a no-nonsense guide to understanding the problem of wireless networking security (or, as the case may be, the complete lack thereof) as well as demonstrating how to implement viable solutions.

Straight from the horse's mouth, "This book is aimed at network engineers, security engineers, systems administrators or general hobbyists interested in deploying secure 802.11b-based systems." The greatest attention is given to Linux and FreeBSD systems, though OpenBSD, Mac OS X and Windows are covered as client systems, too. The authors split the book into four parts: "802.11 Security Basics (Part I)," "Station Security (Part II)," "Access Point Security (Part III)," and "Gateway Security (Part IV)."

Part I, "Security Basics," gives a very good introduction to the concepts of wireless communications. Chapter 1 explains how radio transmissions work (and how antenna shapes affect them), and why radio transmissions are inherently insecure (i.e., anyone with an antenna in range can listen in). 802.11 is explained, as well as WEP, and WEP's problems. Chapter 2 describes in detail the risks involved with wireless networking, and gives examples of types of attacks which can be performed against wireless networks.

Part II, "Station Security," outlines in great detail what you need to do to make sure your wireless network clients are as secure as possible. We're given two goals for client station security: prevent any access to the client systems, and make sure that the clients speak secure protocols for any network services they access. To the paranoid, both these goals are rather obvious, but they're important enough that the authors spent time explaining them. They follow with a couple paragraphs on logging and security updates on the client systems, and the rest of Part II (Chapters 4 through 8) give specific information on how to best secure client systems of various OSes.

Part III (Chapter 9, really), "Setting Up an Access Point," delves into the intricacies of setting up and securing a wireless access point, from generic advice on how to configure access point appliances to more specific instructions on configuring host-based access points running Linux, FreeBSD and OpenBSD. Comparatively little time is spent on host-based access points in the book, probably because most people generally don't do things things way since access point appliances are so cheap and simple to configure/install.

The remainder of the book is spent on Part IV, "Gateway Security" (Chapters 10 through 15), which describes the infrastructure end of how most wireless networks will likely end up being integrated to wired networks. Basic suggestions for structuring the combined networks are given, and follow what I'd consider to be really good advice: wireless networks should be on their own interface of the gateway (or firewall), physically separated from both internal networks and the Internet. The authors strongly recommend against simply attaching the access points to the internal network, as that introduces too many security risks (an example involving ARP poisoning is given to illustrate why and how). The next three chapters detail the configuration of Linux, FreeBSD and OpenBSD as a secure gateway.

Chapter 14, "Authentication and Encryption", introduces the idea of using strong authentication and encryption mechanisms outside of WEP, using NoCat (which will run on Linux, FreeBSD and OpenBSD) and WiCap (for OpenBSD only) for authentication and IPSec for strong encryption. The idea the authors present here is that for the most secure setup, in addition to enabling strong WEP (as detailed in the rest of the book), your wireless network is set up to not allow clients access to anything until they are authenticated. Then, and only then, the gateway will allow wireless clients to access other network segments (i.e., the internal LAN, and/or the Internet), but only if all the communications over the wireless segment are done through secure tunnels. Sadly, the authors neglected to mention OpenBSD's, Windows 2000's or XP's ability to do IPSec, and their treatment of IPSec for FreeBSD and Linux certainly isn't very detailed, though pointers are given to the appropriate web sites for more information. 802.1x authentication (physical port authentication) is also explained in some detail, though it is of little use, since very little equipment deployed today has support for it. It is an interesting concept, though.

Closing out the book, Chapter 15 is appropriately titled "Putting It All Together." Here we get a final overview of all the pieces as well as how they fit together, and how certain aspects of the system as a whole affects both the administrators and the users of the system.

Overall, I'd have to say that this is exactly the type of "security in depth" book I've been needing to help me figure out how best to implement wireless networking at the office with minimal risk to the rest of the network. The authors write in a very approachable style and do a very good job of giving the necessary background before launching into any detailed discussions. I would highly recommend this book to anyone considering installing wireless networking without wanting to simultaneously install a simple back door to their network. Honestly, I haven't found much to complain about.

I'm of the opinion that, after reading this book, and using it as a guide to setting up a secure wireless network, I'll be able to sleep at night. Even though people can still war drive (or even war fly) and find your access points, even if they managed to crack the WEP keys and associate to the AP, the network will still be secure because of the multiple layers that have been put in place.

You can purchase 802.11 Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Rob Flickenger writes "I for one am sick and tired of all of the work it takes to build out wireless community networks. Evidently, so was the Linksys Community Network: a Real Network project for the masses. It's about time somebody did something to bring Wi-Fi to the People."

tadghin writes "Rob Flickenger has an amazing take on what's happening in the wireless noosphere at the O'Reilly Emerging Technologies Conference. Rob used EtherPeg, a great Mac OS X hack that lets you see the GIFs and JPEGs flying around on the local network, to key off on an amazing visual commentary on what people were doing during Steven Johnson's keynote."

Some random reader points us to this story about community wireless networking in the UK. Not really any new news, but maybe the publicity will get more people involved. As usual, if you want to set up your own node, you can start at Nocat or PersonalTelco.

LinuxCare founders Dave Sifry, Art Tyde and Dave LaDuke have started their second company: Sputnik. Basically, they have an ISO you can download that will turn a laptop with an 802.11b card into a wireless gateway. They also wrote a user-authentication scheme that reroutes all traffic to the gateway until the user logs in via a web form. This should sound familiar to people who stay in broadband capable hotels a lot. Using this authentication technique, the software allows you to choose who can and cannot use your gateway, and in you'll be able to charge strangers for access (with Sputnik handling the billing). This will likely get some isps a wee bit upset. NewsForge has an article detailing what they are doing. Update: Turns out the authentication wasn't written by Sputnik, my bad. They use NoCatAuth Disclaimer: I've known these guys for a long time and am pals with them, so I waited until someone else (in this case Grant at NewsForge and the NYT) put something up independently about them before linking to them.

bgood writes: "O'Reilly Network has an interesting article on authentication for wireless networks. The author discusses both the technical aspects, specifically NoCatAuth, and the overall context of why someone would choose (or not choose) to monitor or track the use of their wireless network. While geared towards network neighborhoods, the article definitely has applicability in more formal settings."