NASA Overcomes 802.11b Wireless Security Flaws

4mn0t1337 writes: "Looks like the people at NASA came up with a "solution" to the weak secrutity in 802.11: Bypass it. From the article: "The team also assumed that all information on the network would be subject to eavesdropping, and that no identification information built into 802.11b could be trusted." So they chose to disable it, and set up an 'off-the-shelf PC running the OpenBSD operating system, an Apache web server, the Internet Software Consortium DHCP server, the IPF firewall software' and just depend on the security in protocols the services use. Moral of the story: Ignore the 802.11 security and just tunnel into our access points ..."

NASA bypasses 902.11b flaws

[FreeMars]

Hmmm. Not so much a bug fix as a work around

That's a pretty sad response

[mesocyclone]

Tunneling works for security, but it is far less flexible than plain old IP connectivity, which is what 802.11b delivers.

The solution is to *fix* 802.11b's security, which shouldn't be that hard. I believe that simply running the crypto algorithm through a few start cycles, before transmitting, is sufficient to stop the published attacks.

Whether the fix requires buying new hardware, or flashing old hardware, or just changing drivers, is another question.

Why did it take this long for people to get it?

It's really no different then plugging into a hostile, unswitched network. Trust no one! Sure, it's easier to "plug" into a wireless network, but you should never trust any traffic medium. Encryption all the way!

How secure is TCP/IP over wire? Not much.

WEP should be viewed as a means of thwarting casual snooping, just as having separate 10BaseT cables for each computer hampers casual snooping. But unencrypted network traffic is ALWAYS vulnerable to snooping, so claiming 802.11b is fatally insecure is foolish. Unencrypted traffic should always be viewed as insecure.

Major league insecure

this "solution" is wide open to man-in-the-middle attacks. Tomorrow, I'll drive up there and setup my own DHCP server on their intentionally-WEP-disabled network. I'll hand out MY server's IP as the DNS server, and tell them to HTTP/HTTPS to MY server. I'll collect their usernames/passwords, send them a "site down for maintenance, try again later" message, and cruise through the real front door myself. Sheesh.

Re: Bluetooth

[fwr]

You're kidding right? "registered only MAC addresses" security is a joke. It's such a management nightmare when you're talking about a significant number of users on a wireless network, think quite a few hundred to thousands of docs and nurses on a hospital network, that it's practically unmanageable. The only real solution is to use VPN technology. And what does VLAN software have to do with security? When you say that MAC address lists and VLAN software (whatever that's supposed to give you) makes an RF network as secure as most people *really* need to be you obviously are only thinking about breaking in and not just covert observation and data gathering. Think about HIIPA. If someone is able to gather packets on an RF network (which is relatively easy to do) then restricting which MAC addresses can get INTO the network is next to useless. The concern is people seeing confidential medical information going across the RF network, and limiting MACs does nothing to secure that information. I don't know how VLANs would help in this either. Sounds like you just through that word in there without knowing what you're talking about. And no, I don't think the 802.11b protocol can be "fixed" from a security perspective without making it an essentially new protocol that will not be compatible with all the existing equipment. Sure, it could be "backwards compatible" but then only new equipment would benefit from the enhanced security.