Slashdot Mirror

← Back to Stories (view on slashdot.org)

NASA Overcomes 802.11b Wireless Security Flaws

Posted by timothy on from the one-way-to-do-things dept.

4mn0t1337 writes: "Looks like the people at NASA came up with a "solution" to the weak secrutity in 802.11: Bypass it. From the article: "The team also assumed that all information on the network would be subject to eavesdropping, and that no identification information built into 802.11b could be trusted." So they chose to disable it, and set up an 'off-the-shelf PC running the OpenBSD operating system, an Apache web server, the Internet Software Consortium DHCP server, the IPF firewall software' and just depend on the security in protocols the services use. Moral of the story: Ignore the 802.11 security and just tunnel into our access points ..."

5 of 111 comments (clear)

  1. That's a pretty sad response by mesocyclone · · Score: 5, Insightful
    Tunneling works for security, but it is far less flexible than plain old IP connectivity, which is what 802.11b delivers.

    The solution is to *fix* 802.11b's security, which shouldn't be that hard. I believe that simply running the crypto algorithm through a few start cycles, before transmitting, is sufficient to stop the published attacks.

    Whether the fix requires buying new hardware, or flashing old hardware, or just changing drivers, is another question.

    --

    The only good weather is bad weather.

  2. Why did it take this long for people to get it? by Anonymous Coward · · Score: 4, Insightful

    It's really no different then plugging into a hostile, unswitched network. Trust no one! Sure, it's easier to "plug" into a wireless network, but you should never trust any traffic medium. Encryption all the way!

  3. Re: insecure? by Bodero · · Score: 5, Informative
    I love how everyone is spouting "wireless is insecure" but give no real details on how that is.


    The real details are not too hard to find...30 seconds with a search
    engine came up with quite a few references, including:

    http://www.cs.umd.edu/~waa/wireless.pdf

    That document contains a fair number of bibliographical references
    which you might find interesting.


    The principal problem I've found with wireless security is that lots
    of people deploy it poorly - effectively allowing anyone nearby to
    "plug" into their network. Most of the news articles about hacking
    wireless networking are about this kind of insecurity. The implication
    is that when you set up a wireless network you need to use WEP to
    encrypt the connection.


    Some of the more alarming articles suggest that WEP is weak, and so
    can't really be relied upon. If this is correct, then it means one
    must use encryption at a higher level - which is not a trivial
    undertaking. If you can't deploy IPSEC thoughout your network, you'll
    have to put your wireless access points outside of your firewall and
    use VPNs to get in.

  4. Re: Bluetooth by Bodero · · Score: 5, Informative
    It's sure to give both Bluetooth, which was gasping for breath, and HomeRF, which was on a respirator, renewed leases on life. If the powerline networking gear arrives by year end and works as advertised, it will probably win the battle.

    Not really...

    802.11b is seeing high adoption rates in corporate networks. For better or worse, impenetrable security is not usually at the top of the list when choosing a network component. (ahem)

    By starting with a halfway decent basestation that allows for only registered MAC addresses to attach to it, then running some simple Vlan software (with or without WEP) you have an RF network that is as secure as most people *really* need it to be.

    As for Bluetooth, it's reaally not here yet, and it's intended for short-range devices that will most likely require lower throughput's than what 802.11b offers. HomeRF is a sort-of direct competitor, but it also has issues of it's own.

    With the right tools, and some dedication almost any simple network can be cracked. I remember when most people didn't know what "promiscuous mode drivers" were for, and many corporate LANs on simple 10M hubs were easily cracked by patching into an unsecured jack.

    802.11b is gaining a lot of press, and thus attracts more hacker efforts. I can almost guarantee that if HomeRF were the predominant wireless standard, we would be seeing the same hacker tools for it.

  5. Tunneling is not the answer. by davidu · · Score: 5, Interesting


    This solution, far from creative or unique, offers nothing in terms of aiding in the creation of secure PUBLIC networks.

    For example, a college campus can't be expected to teach every student, including the non-geeks how to setup IPsec, port forwarding with SSH, and all other kinds of neat things.

    Granted, Dan Kaminsky gave a talk at DefCon this year on how to seamlessly tunnel your way through 'hostile' networks it still isn't as simple as just renewing your IP and being online.

    One possible solution to secure public nets is similar to the way we validate PGP keys. Face to face signing parties. If I run a public net I'd like to know who is using it. How about you drop by my cafe and just give me your MAC address and I'll add you to the firewall's rulesets. Automatically you now can find out who is in promiscuous mode, who is using all your bandwidth, etc, etc, etc.

    There are many other solutions that aren't as much of a hack as IPSec, ssh tunneling, or any of these other high level obfuscators.

    Thanks,
    David U.

    --

    # Hack the planet, it's important.