Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Year 2003 in Wireless Network Security

Posted by CowboyNeal on from the hindsight-being-what-it-is dept.

OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM. What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.

4 of 66 comments (clear)

  1. VPN... by craenor · · Score: 4, Informative

    Just have your wireless devices set to a DMZ that opens to one page, a VPN portal. Then you have a wireless connection, with VPN providing your security. Voila...a little bit more cumbersome, but isn't your network integrity worth it?

    1. Re:VPN... by JKR · · Score: 3, Informative
      Or use WPA with RADIUS, and centralise all your external authentication. Based on my experiences with a NetGear FWAG114, that would be my preferred option.

      Jon.

    2. Re:VPN... by Brushfireb · · Score: 3, Informative

      Sure, VPN will do it, but it will eat up your bandwidth too.

      Anyone who has done any significant work with large-scale wifi infrastructure knows this, any form of VPN will eat 20-30% of your bandwidth away just for itself. This is very bad for networks with hundreds (thousands) of users, like large corporations and universities.

      In cases like those, WPA/Radius is a better implementation, or you can use CISCO proprietary LEAP (i think..). They wont eat your bandwidth for breakfast, but they will provide security that is 100x better than WEP (what a joke).

      Combining this with some simple form of network authentication (authenticated DHCP, nocat, or whatever) works pretty darn well.

  2. Always use backend security by bagboy · · Score: 3, Informative

    Despite the advances made in 802.11i - WAP/TKIP (TLS/TTLS/EAP/PEAP) - the best solution is "on-the-wire". 3DES IPSEC and now SSL Tunneling are two examples we are using to avoid new exploits as hacks become available for the wireless standards. The above are tried and true methods of encrypting data. If the end user simply runs a client (3DES IPSEC) or uses the well known SSL standard (no client needed) between themselves and your NOC/Colo/Facilities - you can gaurantee a measure of security for their data.