Slashdot Mirror
The Year 2003 in Wireless Network Security
OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM.
What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.
...gives the Microsoft security staff something to look down on.
A study of honeypot projects that showed most wi-fi abuse was "bandwidth stealing" doesn't exactly fill me with a sense of dread. More useful would have been a list of attempts hackers sitting outside of unsecured businesses trying to get at the corporate data.
Or are they trying to lull potential customers into a false sense of security?
John
Just have your wireless devices set to a DMZ that opens to one page, a VPN portal. Then you have a wireless connection, with VPN providing your security. Voila...a little bit more cumbersome, but isn't your network integrity worth it?
Despite the advances made in 802.11i - WAP/TKIP (TLS/TTLS/EAP/PEAP) - the best solution is "on-the-wire". 3DES IPSEC and now SSL Tunneling are two examples we are using to avoid new exploits as hacks become available for the wireless standards. The above are tried and true methods of encrypting data. If the end user simply runs a client (3DES IPSEC) or uses the well known SSL standard (no client needed) between themselves and your NOC/Colo/Facilities - you can gaurantee a measure of security for their data.
Wireless has no such limits. This is even skript kiddie level stuff.
This is my report on it.
On Linksys' site they have 7 things people should do to keep their wireless network safe:
1. Change the default SSID.
2. Disable SSID Broadcasts.
3. Change the default password for the Administrator account.
4. Enable MAC Address Filtering.
5. Change the SSID periodically.
6. Enable WEP 128-bit Encryption. Please note that this will reduce your network performance.
7. Change the WEP encryption keys periodically.
Now your telling me average joe (or administrator) is going to preform all these tasks, and remember to regularly change the WEP encryption keys. This is a problem, and until security setup and mantainance is automated and/or easy enough for the everyday folk, there is going to be a continual growth of attacks on these type of networks.
------------
Are we there yet? Lets see..
1) 802.11i is still not yet approved as a standard
2) WPA (the impetuously released TKIP variant) is not widely available and like 802.11i relies on 802.1X.
3) 802.1X has been withdrawn by the IEEE pending a re-write. Its broken for wireless. Don't expect to see the revision any time soon.
4) No semblance of a seamless, inter operator, inter hotspot, non web-pagey user authentication scheme for mobile devices is widely deployed for 802.11.
5) Other wireless networks that are deployed are insecure (E.G. GSM)
I think maybe there's a way to go yet.
Evil people are out to get you.
Up here in central Canada, early 2003 showed a nice, gradual uptake in wireless equipment by the business sector, and a few tech-heads putting it in their houses. Now that xmas is over, and stores were selling APs for as little as $15 (cdn) after rebates, I'm seeing almost a 10-fold increase in the number of hotspots compared to June of this year.
:)
I see a couple of trends on the horizon:
1. Just as you can no longer buy a 10mbit hub, because a 10/100 switch costs pennies more to make, soon all home cable/DSL routers will come with 802.11b at the very least. The "premium" models will include g for $5-10 more, to keep some price differentiation happening.
2. Back when it was us geeks and businesses, the WEP/non-WEP ratio seemed to hover around 50-75%, depending on area. Driving around last night, it's below 10%. This could be an indication of new xmas presents that the owner hasn't had time to configure, but really: how many people actually change from the default settings? (On that note, thank you SMC for having a blank default password and an SSID of "SMC"
Just the changes in the past 12 months have convinced me that 2004 will be the year wireless really takes off everywhere up here, and as long as it's still being shipped unsecured to the consumer, we're soon going to have a LOT more opportunity for this sort of thing.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
No more worries about wireless security alerts, finicky configurations, key management, weird drivers, setting up VPNs within my own house, strange network freezeups or having to read articles to keep on top of it all.
To me, keeping my mind uncluttered and free from all that minutia is worth the ugliness of a few network cables.
My company (Newbury Networks, Inc.) makes a product that provides physical perimeter security on 802.11. It uses our location-tracking technology to identify the location of all 802.11 traffic and can then both report and classify traffic as well as deny access to devices outside your physical perimeter. While some security problems remain, this largely mitigates the "attacker in the parking lot" scenarios.
Most people assume that wireless security cannot be coupled to physical security. If you can keep people outside your building off your network, it's a whold different ball game. This essentially eliminates spoofing problems because it doesn't matter if you're spoofing if you're outside. Obivously, internal threats are still an issue and any security system should be multi-factor. Location is simply a key element that it's hard to provide for wireless.
(I hope this isn't taken as inappropriate product pushing, but I believe it is a useful and relevant solution to many wireless security problems)
WEP works just fine for certain things. For example, keeping people from abusing my internet connection, downloading child pornography, etc. In order to crack a 128-bit WEP key, last I checked, you need something like 5-10 GIGABYTES of traffic to analyze. I don't use that much bandwidth in a year over wireless - it's just to be able to surf from the living room, etc.
:)
I've checked out the range on my AP using some nice high-gain antennas, and seeing as it's in the basement, someone would have to be within 3 or 4 houses of me. That's a pretty limited range, so I can narrow it down to say 100 of my neighbours. And one of them would have to sit and passively sniff my traffic for an ENTIRE YEAR. Answer: change my WEP key every few months, and unless I'm not up to date with the latest security issues, I'm virtually immune. Sure, they can sniff my SSID. Big whoop if they can't get on it.
Disclaimer: I haven't played with Kismet in over 6 months, so if there's some new "grab 10 packets and crack the WEP key" setting that I haven't heard about, please correct me
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
probably the most important news is that China will disallow standard 802.11 WEP security and mandate its own standard - WAPI for all Wi-Fi in the country. This could have wide ranging implications, from splitting the market to leading to a possibly improved system (on first glance, WAPI beats WEP hands down, except for privacy implications - big surprise) for the world.
In any case, it is a dramatic development.
The only good weather is bad weather.