Disney World Goes 802.11b
LighthouseJ writes "Over at CNN they report that Disney World in Florida has a 47-square mile 802.11b wireless LAN through the park with 200 access points. The move comes after visitors' complaints that they couldn't use credit cards at every place in the park. Plus, it allows "cast members" to offer guests goods and services anywhere, not restricted to where the credit card machine is at. The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support sees this as a valuable technology, citing mobility and flexibility as the main reasons for the switch.
Khan goes on to say that the system is protected by a 128-bit encryption scheme and software installed to detect intrusions.
When he was asked if visitors will have access to the wireless network, CNN quotes him as saying: 'We need you to come to the park and enjoy the park,' he said. 'If we start opening Internet cafes, you won't do that.' He's a smart man." So, running AirSnort wouldn't probably be the best idea? *grin*
Unless they're using IPSec or something like it, they're vulnerable. WEP doesn't secure worth spit even with 128 bits because they implemented the whole protocol as an insecure system. Also of note is the fact that there is pretty much no commercial IDS software that would effectively catch someone doing something bogus in time to find them in a wireless context.
It's pure bravado that bases their claims of security - unless they have a security staff sweeping the entire park with DF gear, they're NOT going to catch anyone doing something illegitimate on their WLAN.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
"The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support"
I graduated UCF with my Computer Engineering Degree in 2000. For our senior design projects, Disney came and solicited us heavily to work on their projects. Free labor, helping a poor college student out with an idea, free labor, did I mention free labor. This project along with several others was mentioned. My comments regarding network security concerns were treated as pessimism. Needless to say I did not lend my time for Disney's free labor.
~ fact is not dependent upon your belief therein. ~ ~ Have I therefore become your enemy because I tell you the truth?
According to the presentation the conclusion was that brute forcing WEP keys was _not_ feasible. They concluded it would take >200 days to crack a 40-bit key, the attacks against weak ICVs claim to succeed in 24-48 hours depending on data flow. If you use equipment that doesn't have the ICV problem and you use WEP correctly you can be relatively safe.
Granted there are attacks against WEP, but they are _trivial_ to defend against if one knows what they are doing. I think Disney probably employs a few network security engineers and consulted with the big boys before they deployed this.
All those who keep claiming that 802.11 is insecure
a) don't really know what they are talking about
and
b) are repeating some other chicken little's BS
WEP can certainly be deployed insecurely, and by default will keep out a determined enemy for less than 2 days, but that does not mean 802.11 cannot be deployed securely. If you use the right hardware and configure it correctly 802.11 is as secure as a wired LAN. Add to that some type of VPN and it's probably more secure than most wired LANs.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
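An added example, not from the article or any commenter, on the "128-bit" figure argued over above: if the scheme is WEP, as the comments assume, that is a 104-bit secret plus a 24-bit IV sent in the clear, and once an IV repeats the XOR of two ciphertexts equals the XOR of their plaintexts whatever the secret's length. The frames, the IV value and the 500 frames/s rate are constructed assumptions.

```python
import math

IV_BITS = 24  # WEP IV size; "128-bit" WEP = 24-bit IV + 104-bit secret

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: RC4 seeded with IV || secret (CRC-32 ICV omitted)."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV is 3 bytes")
    return xor(plaintext, rc4(iv + secret, len(plaintext)))

def reuse_leak(secret: bytes):
    """Encrypt two constructed frames under one IV; return (c1^c2, p1^p2)."""
    iv = bytes.fromhex("0a0b0c")  # constructed IV, visible on the air
    p1 = b"constructed frame 0001"
    p2 = b"constructed frame 0002"
    c1, c2 = wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2)
    return xor(c1, c2), xor(p1, p2)

def frames_for_repeat(prob: float = 0.5) -> int:
    """Frames with random IVs before some IV repeats with probability prob."""
    return math.ceil(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - prob))))

def hours_to_wrap(frames_per_second: float) -> float:
    """Hours until a sequentially incremented IV counter wraps around."""
    return 2**IV_BITS / frames_per_second / 3600

if __name__ == "__main__":
    for secret in (b"\x01" * 5, b"\x01" * 13):  # 40-bit and 104-bit secrets
        leaked, expected = reuse_leak(secret)
        print(len(secret) * 8, "bit secret, IV reuse exposes p1^p2:", leaked == expected)
    print("frames for 50% chance of an IV repeat:", frames_for_repeat())
    print("hours to wrap at 500 frames/s (assumed rate):", round(hours_to_wrap(500), 1))
```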
Disney already has a system in place called SmartPass which allows visitors to "reserve" a place in line so they can go off and do other things (shop) and come back later without having to wait in a huge line. They also get the added benefit of knowing which rides you went on and where you were shopping beforehand (your park access card is your room key, park ticket, SmartPass, credit card, Big Brother device, etc).
I won't get into it because it's too OT, but they also have biometric scanners at the gates for season pass holders (no privacy policy, 'natch).