Slashdot Mirror


The Year 2003 in Wireless Network Security

OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of whom is from IBM. What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.

  1. VPN... by craenor · · Score: 4, Informative

    Just have your wireless devices set to a DMZ that opens to one page, a VPN portal. Then you have a wireless connection, with VPN providing your security. Voila...a little bit more cumbersome, but isn't your network integrity worth it?

    1. Re:VPN... by JKR · · Score: 3, Informative
      Or use WPA with RADIUS, and centralise all your external authentication. Based on my experiences with a NetGear FWAG114, that would be my preferred option.

      Jon.

    2. Re:VPN... by Brushfireb · · Score: 3, Informative

      Sure, VPN will do it, but it will eat up your bandwidth too.

      Anyone who has done any significant work with large-scale wifi infrastructure knows this: any form of VPN will eat 20-30% of your bandwidth away just for itself. This is very bad for networks with hundreds (thousands) of users, like large corporations and universities.

      In cases like those, WPA/RADIUS is a better implementation, or you can use Cisco proprietary LEAP (I think...). They won't eat your bandwidth for breakfast, but they will provide security that is 100x better than WEP (what a joke).

      Combining this with some simple form of network authentication (authenticated DHCP, nocat, or whatever) works pretty darn well.

    3. Re:VPN... by Brushfireb · · Score: 2, Informative

      One more thing... The reason that something like a VPN is useful, which I forgot to point out (that you were perhaps hinting at), is that universities jumped on board too quickly, and they now have boatloads of 802.11b equipment floating around. In such a case, VPN is really their only option, all bandwidth issues aside. They could potentially use the Cisco stuff, but that would mean that ALL users would need Cisco cards, something which is NOT possible on large universities (they will see everything from high end Proxim/Cisco cards all the way down to dinky D-Link shit in the dorm rooms).

      So, when dealing with 802.11b, VPN is really your only decent option, even if it does drive your bandwidth to shit.

  2. Always use backend security by bagboy · · Score: 3, Informative

    Despite the advances made in 802.11i - WAP/TKIP (TLS/TTLS/EAP/PEAP) - the best solution is "on-the-wire". 3DES IPSEC and now SSL Tunneling are two examples we are using to avoid new exploits as hacks become available for the wireless standards. The above are tried and true methods of encrypting data. If the end user simply runs a client (3DES IPSEC) or uses the well known SSL standard (no client needed) between themselves and your NOC/Colo/Facilities - you can guarantee a measure of security for their data.

  3. China to Split Wi-Fi Security Standards by mesocyclone · · Score: 2, Informative

    Probably the most important news is that China will disallow standard 802.11 WEP security and mandate its own standard - WAPI for all Wi-Fi in the country. This could have wide ranging implications, from splitting the market to leading to a possibly improved system (on first glance, WAPI beats WEP hands down, except for privacy implications - big surprise) for the world.

    In any case, it is a dramatic development.

    --

    The only good weather is bad weather.