Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fixing Wireless Security By Pulling The Plug

Posted by timothy on from the security-through-snippers dept.

An anonymous reader writes "It seems as though the Japanese government is paying attention to some security concerns of wireless networks, and rather than addressing the problem, taking a more aggressive but perhaps not as thorough approach to the issue at hand. Not very technical, but at least its good to see governments actually doing something about it."

4 of 133 comments (clear)

  1. O'Reilly book? by masonbrown · · Score: 3, Insightful

    Has anyone read the new O'Reilly book on securing 802.11b networks? Does it offer any cross-platform, cross-vendor solutions to general 802.11b insecurity?

  2. They did the right thing by humina · · Score: 3, Insightful

    You can get into a wireless network from VERY far away with the right antennas and equipment. Sensitive data should stay as far away from wireless as possible. The Japanese government did the right thing in pulling the plug. Most companies would just try to use the wireless network anyhow cause they already spent the money on the equipment. Wireless has it's uses. They just do not include sensitive networks.

    --
    check out the best blog ever:
    http://oehlberg.com
  3. I do contract work with casinos by JeanBaptiste · · Score: 4, Insightful

    Casinos and nuclear power plants. Anything that is remotely sensitive is kept off of any network that eventually attaches to the internet. Firewalls, DMZs, encryption, all this stuff is great, but if its really important, no outside connections are the only way to go.

    so, I agree with Japan on that. and on the ps2.

  4. IPSEC by mfarver · · Score: 3, Insightful

    The real problem is organizations grip tightly to the idea that physical security exists.

    The truth is that its only slighty harder for a attacker to get a physical connection to your network than for that same hacker to sit in your parking lot and wirelessly surf.

    But, wait, we have id badges, and a security gurd at the door, no one can get to our cables: I once worked with a guy who was paid to do penetration testing, he spent a week wandering around inside the corporate headquarters, until the company IT director declared his attacks unsuccessful (they had no firewall logs of his intrusions, so he must have not got in.) The IT director was displeased with the final report, showing all the data he had accessed (some from the consoles of the "secure" machines) and with the CEO who had agreed that the testing included physical site security.

    It becomes even easier when you accept that the vast majority of intrusions come from inside the company, from people who already likely have access to the network.

    Sending confidential data in the clear on a wired or wireless network is not a good idea, period.