Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Year 2003 in Wireless Network Security

Posted by CowboyNeal on from the hindsight-being-what-it-is dept.

OenMarK writes "I ran into an article that is basically an overview of events, software releases, and happenings related to wireless security. There's also a Q&A with some wireless security experts, one of which is from IBM. What's your take on wireless security? Are we there yet?" This is the same site that also hosts the look back at Linux security we posted earlier. They complement each other well.

8 of 66 comments (clear)

  1. At the very least, wireless security... by Anonymous Coward · · Score: 3, Funny

    ...gives the Microsoft security staff something to look down on.

  2. Not a very informative article. by plover · · Score: 4, Insightful
    I would much rather more information about attacks and their severity.

    A study of honeypot projects that showed most wi-fi abuse was "bandwidth stealing" doesn't exactly fill me with a sense of dread. More useful would have been a list of attempts hackers sitting outside of unsecured businesses trying to get at the corporate data.

    Or are they trying to lull potential customers into a false sense of security?

    --
    John
  3. VPN... by craenor · · Score: 4, Informative

    Just have your wireless devices set to a DMZ that opens to one page, a VPN portal. Then you have a wireless connection, with VPN providing your security. Voila...a little bit more cumbersome, but isn't your network integrity worth it?

    1. Re:VPN... by JKR · · Score: 3, Informative
      Or use WPA with RADIUS, and centralise all your external authentication. Based on my experiences with a NetGear FWAG114, that would be my preferred option.

      Jon.

    2. Re:VPN... by Brushfireb · · Score: 3, Informative

      Sure, VPN will do it, but it will eat up your bandwidth too.

      Anyone who has done any significant work with large-scale wifi infrastructure knows this, any form of VPN will eat 20-30% of your bandwidth away just for itself. This is very bad for networks with hundreds (thousands) of users, like large corporations and universities.

      In cases like those, WPA/Radius is a better implementation, or you can use CISCO proprietary LEAP (i think..). They wont eat your bandwidth for breakfast, but they will provide security that is 100x better than WEP (what a joke).

      Combining this with some simple form of network authentication (authenticated DHCP, nocat, or whatever) works pretty darn well.

  4. Always use backend security by bagboy · · Score: 3, Informative

    Despite the advances made in 802.11i - WAP/TKIP (TLS/TTLS/EAP/PEAP) - the best solution is "on-the-wire". 3DES IPSEC and now SSL Tunneling are two examples we are using to avoid new exploits as hacks become available for the wireless standards. The above are tried and true methods of encrypting data. If the end user simply runs a client (3DES IPSEC) or uses the well known SSL standard (no client needed) between themselves and your NOC/Colo/Facilities - you can gaurantee a measure of security for their data.

  5. Easy Setup and Mantainance of Security is Key! by dduardo · · Score: 5, Insightful

    On Linksys' site they have 7 things people should do to keep their wireless network safe:

    1. Change the default SSID.
    2. Disable SSID Broadcasts.
    3. Change the default password for the Administrator account.
    4. Enable MAC Address Filtering.
    5. Change the SSID periodically.
    6. Enable WEP 128-bit Encryption. Please note that this will reduce your network performance.
    7. Change the WEP encryption keys periodically.

    Now your telling me average joe (or administrator) is going to preform all these tasks, and remember to regularly change the WEP encryption keys. This is a problem, and until security setup and mantainance is automated and/or easy enough for the everyday folk, there is going to be a continual growth of attacks on these type of networks.

    ------------

  6. Are we there yet? by TechyImmigrant · · Score: 4, Interesting

    Are we there yet? Lets see..

    1) 802.11i is still not yet approved as a standard
    2) WPA (the impetuously released TKIP variant) is not widely available and like 802.11i relies on 802.1X.
    3) 802.1X has been withdrawn by the IEEE pending a re-write. Its broken for wireless. Don't expect to see the revision any time soon.
    4) No semblance of a seamless, inter operator, inter hotspot, non web-pagey user authentication scheme for mobile devices is widely deployed for 802.11.
    5) Other wireless networks that are deployed are insecure (E.G. GSM)

    I think maybe there's a way to go yet.

    --
    Evil people are out to get you.