Fixing Wireless Security By Pulling The Plug

An anonymous reader writes "It seems as though the Japanese government is paying attention to some security concerns of wireless networks, and rather than addressing the problem, taking a more aggressive but perhaps not as thorough approach to the issue at hand. Not very technical, but at least its good to see governments actually doing something about it."

I'm pretty sure

[TerryAtWork]

That there's a project on Sourceforge to implement strong encryption on WANs to overcome the WAP problem.

Can anyone elaborate on this, please?

The obvious next step

[burgburgburg]

If they've shut down the wireless networks because they can't be adequately secured, how long before they get rid of the Microsoft networks? After all, computer consultant Tanabe was already complaining that "Data can easily be stolen or altered. Or the opening can be used to spread viruses or other misdeeds." Now if that doesn't describe Microsoft, I don't know what does.

Security is in the eyes of the beholder.(or admin)

[t0qer]

Unless you are doing a weekly sweep of your network, and documenting the changes, any network, wired or wireless is suspectable to comprimise.

Using any cheap hub, a few gel cell batteries, and some cat5 wiring knowledge, a person with physical access to the building could hide a 802.11 unit in the ceiling tile, crawlspace, outdoors in the bushes, and for the duration of the charge create a gateway into said network. Add a device (such as the dreamcast) or comprimise a computer internally to broadcast and it becomes darn near untracable.

The major problem with most 802.11 installs is the admin simple does not do enough accounting and locking down on their network. If they would just reject all unknown mac addresses and accept from a known list WITH the added benifit of encypting all the traffic there would be NOTHING to worry about.

Why doesn't someone just point that out to them? Hey Japan out of work IT dude right here in USA--I stay up all night PST playin EQ so we're on the same time zone pretty much (ba-bump)
I can SSH remotely I'll work cheaper than any indian too (baBumpTa!)

802.11 is broken

[tstoneman]

I just got my Linksys wireless bridge and AP over Christmas because I got sick of tripping over all the wires in my apartment.

After I bought it and plugged it in, and I sat down and read up on security, and I was simply shocked at how the Linksys equipment have completely zero security.

The most you can do to protect yourself is:

1) disable SSID broadcasts
2) filter based on MAC addresses
3) use 128 bit WEP to obfuscate your data to only the casual

Of course, WEP can be broken by any hacker worth his-or-her salt, and filtering based on MAC addresses doesn't work because you can spoof MAC addresses. There is zero security from a determined hacker.

The Linksys APs also have a severe security issue where anyone can get the ssid through a simple udp broadcast, meaning they don't even need a valid IP address. Once they get your SSID, it makes it way easier to connect to the AP.

From what I've heard, Linksys even isn't doing anything about it.

It really seems as though 802.11X is going to only find a place at home where consumers care more about getting rid of wires than about security. There is no valid reason for a business or governments, where their information is worth much much more, to be using such a security-free mechanism.

I'm okay because I needed the wireless stuff for my gf's computer, and all she does is surf the web. I put in place a FreeBSD firewall just in case, so I'm not too worried about my neighbors or wardrivers getting connected. But for those people that don't care about security, this is probably the way that untraceable hacking in the 21st is going to go through - via some idiot that left his 802.11b connection open to hackers that live across the street, or just happened to pull by in their car to try and hack into some military site, etc.