Slashdot Mirror
Fixing Wireless Security By Pulling The Plug
An anonymous reader writes "It seems as though the Japanese government is paying attention to some security concerns of wireless networks, and rather than addressing the problem, taking a more aggressive but perhaps not as thorough approach to the issue at hand. Not very technical, but at least its good to see governments actually doing something about it."
But if it's wireless, how can there be any plug to pull?
I'm a signature virus. Please copy me to your signature so I can replicate.
Has anyone read the new O'Reilly book on securing 802.11b networks? Does it offer any cross-platform, cross-vendor solutions to general 802.11b insecurity?
And if you really want to be secure, unplug your computer from the network completely! No one will be able to hack you then!
BUT WAIT! If they get access to the computer they might, so lets unplug it from electricity, then the data will be REALLY secure.
NO WAIT! What happens if they pull the hard drive out and connect it to another computer? I know, lets chop up the hard drive into little pieces to make sure that doesn't happen, then we'll be REALLY SECURE!
Just don't write any thing down on a piece of paper, you never know into whose hands it might end up.
You can get into a wireless network from VERY far away with the right antennas and equipment. Sensitive data should stay as far away from wireless as possible. The Japanese government did the right thing in pulling the plug. Most companies would just try to use the wireless network anyhow cause they already spent the money on the equipment. Wireless has it's uses. They just do not include sensitive networks.
check out the best blog ever:
http://oehlberg.com
That there's a project on Sourceforge to implement strong encryption on WANs to overcome the WAP problem.
Can anyone elaborate on this, please?
It's Christmas everyday with BitTorrent.
...Pringles have announced record sales, especially among the computing demographic. This announcement also ties in with their plans to introduce MEGA-size Pringles... just for those who can't stop when they pop (or they need extra signal catchment from the bigger tube).
[End Joke]
Are you local? There's nothing for you here!
Casinos and nuclear power plants. Anything that is remotely sensitive is kept off of any network that eventually attaches to the internet. Firewalls, DMZs, encryption, all this stuff is great, but if its really important, no outside connections are the only way to go.
so, I agree with Japan on that. and on the ps2.
Unless you are doing a weekly sweep of your network, and documenting the changes, any network, wired or wireless is suspectable to comprimise.
Using any cheap hub, a few gel cell batteries, and some cat5 wiring knowledge, a person with physical access to the building could hide a 802.11 unit in the ceiling tile, crawlspace, outdoors in the bushes, and for the duration of the charge create a gateway into said network. Add a device (such as the dreamcast) or comprimise a computer internally to broadcast and it becomes darn near untracable.
The major problem with most 802.11 installs is the admin simple does not do enough accounting and locking down on their network. If they would just reject all unknown mac addresses and accept from a known list WITH the added benifit of encypting all the traffic there would be NOTHING to worry about.
Why doesn't someone just point that out to them? Hey Japan out of work IT dude right here in USA--I stay up all night PST playin EQ so we're on the same time zone pretty much (ba-bump)
I can SSH remotely I'll work cheaper than any indian too (baBumpTa!)
The real problem is organizations grip tightly to the idea that physical security exists.
The truth is that its only slighty harder for a attacker to get a physical connection to your network than for that same hacker to sit in your parking lot and wirelessly surf.
But, wait, we have id badges, and a security gurd at the door, no one can get to our cables: I once worked with a guy who was paid to do penetration testing, he spent a week wandering around inside the corporate headquarters, until the company IT director declared his attacks unsuccessful (they had no firewall logs of his intrusions, so he must have not got in.) The IT director was displeased with the final report, showing all the data he had accessed (some from the consoles of the "secure" machines) and with the CEO who had agreed that the testing included physical site security.
It becomes even easier when you accept that the vast majority of intrusions come from inside the company, from people who already likely have access to the network.
Sending confidential data in the clear on a wired or wireless network is not a good idea, period.