Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Year 2003 in Wireless Network Security

Posted by CowboyNeal on from the hindsight-being-what-it-is dept.

OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM. What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.

2 of 66 comments (clear)

  1. Are we there yet? by TechyImmigrant · · Score: 4, Interesting

    Are we there yet? Lets see..

    1) 802.11i is still not yet approved as a standard
    2) WPA (the impetuously released TKIP variant) is not widely available and like 802.11i relies on 802.1X.
    3) 802.1X has been withdrawn by the IEEE pending a re-write. Its broken for wireless. Don't expect to see the revision any time soon.
    4) No semblance of a seamless, inter operator, inter hotspot, non web-pagey user authentication scheme for mobile devices is widely deployed for 802.11.
    5) Other wireless networks that are deployed are insecure (E.G. GSM)

    I think maybe there's a way to go yet.

    --
    Evil people are out to get you.
  2. Physical perimeter security on 802.11 by mkgray · · Score: 2, Interesting

    My company (Newbury Networks, Inc.) makes a product that provides physical perimeter security on 802.11. It uses our location-tracking technology to identify the location of all 802.11 traffic and can then both report and classify traffic as well as deny access to devices outside your physical perimeter. While some security problems remain, this largely mitigates the "attacker in the parking lot" scenarios.

    Most people assume that wireless security cannot be coupled to physical security. If you can keep people outside your building off your network, it's a whold different ball game. This essentially eliminates spoofing problems because it doesn't matter if you're spoofing if you're outside. Obivously, internal threats are still an issue and any security system should be multi-factor. Location is simply a key element that it's hard to provide for wireless.

    (I hope this isn't taken as inappropriate product pushing, but I believe it is a useful and relevant solution to many wireless security problems)