Government Use of WiFi Not Secure

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""

This problem is a lot more common

[PalmMP3]

The article mentions this problem only in regard to government agencies, but the truth is, it happens all over (in regular businesses) as well. I'm not talking about /.ers who get free broadband through their neighbors open networks; I'm talking about businesses where one employee decides to make his life a little easier by setting up his own personal mini-network - but unknowingly putting the entire company's network at risk.

Indeed, NetStumbler's help file even suggests such a scenario as one possible use for the program:

" Wireless LAN Auditing

A corporate network administrator needs assurance that the wired LAN is not being exposed to unauthorized users. This can often happen when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs."

At least now that this story has hit the news, perhaps more people will wake up to the danger and try to secure their critical networks (as long as they leave open at least one for me to use as a wi-fi hotspot ;-)).

Re:If this were 2003.....

[TWX]

"It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs."

I work for a large IT department for a government-based organization. The users don't call us when they get new equipment frequently unless it doesn't work. With all of these wireless devices coming 'ready to go' out of the box we don't usually find them unless we physically stumble across them or unless the DHCP server in the device is handing out address on the LAN at the site and therefore breaking connectivity for the users.

Yes, it is technically possible to note the MAC address of a device when it comes on the network and compare it to a table of kinds of equipment, but there are 11 field technicians, four network engineers, and two cable/infrastructure technicians for 25,000 machines. We don't get the funding for supplies, equipment, or manpower that we need, we don't get support from higher-ups in the organization, and we are left being reactionary. Even worse yet, some of the agency-level higherups are all about 'new technology' without giving us the resources to thoroughly investigate it and how it will impact our network, and half of the time they don't even figure out why the users need such technology for before allowing them to order it.

We have machines running from average as low as Windows 95 (though I do still encounter Windows for Workgroups 3.11 in rare cases) and MacOS 7.5.3. Most days I'm astounded that things work as well as they do, let alone at all.

Re:Unauthorized access?

MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP.

Every corporation with any sense of security uses a DMZ + a VPN into the real network.

Secure Wireless for Government

[DaemonTW]

Solutions exist to implement secure WiFi, but it comes with a cost.

Harris makes an encrypted PCMCIA 802.11b based card that has high grade encryption built in. It certainly makes the system impossible to get into, but they're far from cheap ($2k+).

Product: SecNet11

In the end, a lot of the exploitable networks comes from either poor management, lack of information or lack of control within government areas.