Slashdot Mirror
UN Advised on Wireless Insecurity
otisaardvark writes "There's an article on the BBC about how the UN is being briefed on the problems of wireless networks. Predictable conclusions - security is mainly compromised through human, not technological factors."
>For example, are the data links insecure--I dont
>think so as most are now 128bit encrypted, right?
128-bit encryption without knowing the cryptographic algorithm used is meaningless as a definition of crypto strength, especially if the encryption is badly designed and broken; both of which are true for 128-bit WEP. Do a google search on it and you'll find the papers that describe the vulnerablility, and the tools to exploit it.
WEP is what hapens when non-crypto people design crypto.
Here's a starter link Look at the '802.11 Encryption" section
But surely if you want to provide wireless capabilities on your corporate network you put the access point in a DMZ and have users come in via a VPN, just as if they were working from home and connecting over the "public" Internet.
First thing in a Google search for WEP:f aq.htm l
http://www.isaac.cs.berkeley.edu/isaac/wep-
The difference is that openssl is implemented more rigourously than WEP. IANAC (I am not a cryptographer), but it sound like the WEP folks put it into place without sufficient review and now we are stuck with a less-than-robustly-designed standard.
Sometimes, combining two encryption methods can result in something weaker than either of the two original methods, in that they kind of partially decrypt each other.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
You can make wireless (802.1x) as secure as wired by putting all your wireless users on a VPN. Unsecured wireless users are just like having open access to the insides of your network and completely bypassing peripheral security measures like firewalls. The real question is how to make *all* your computing and networking resources more secure. Wirelessness per se won't be the problem.