Government Use of WiFi Not Secure

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""

It is the US government

[Dance_Dance_Karnov]

Can they not afford cat5 or something? 20,000$ for a toliet seat, and this is how you save money.

Re:It is the US government

[FireballX301]

1. In densely packed office buildings, it is in fact cheaper (in terms of material and labor, nobody wants to bust down walls to insert cabling) to just have wireless and put repeater antennas everywhere.

2. $20,000 for a toilet seat breaks down into this:

$19975 for secret black-ops projects nobody will ever hear about.

$24 for the Toilet Seat

$1 for the liability insurance. You know, from the dangers a toilet seat can cause.

Re:Open WIFI == Good

[Osty]

That sounds great, right up to the point where some pervert uses your open wi-fi to download child porn which is then traced back to your IP, or some l33t hax0r d00d tries to crack into military servers. And of course all of this is ignoring the fact that most ISPs specifically deny you the right to share your access this way. There are a few like Speakeasy that don't care or even encourage it, but Speakeasy's service sucks (I know, I had DSL with them for two years), and none of them legally protect you if someone using your connection doesn't something illegal or at least against their AUP.

You could go hardcore setting up a walled garden, authentication system, and the whole nine yards, but you really don't have to. Even doing something as simple as enabling WEP on your AP is enough for the casual browser. It's certainly not 100% secure, and anybody with malicious intent could easily crack your key in minutes, but that's not the point. It's a deterrent and a source of plausible deniability. A thief could easily pick the lock on your door, but the simple act of locking your door will keep most people out (the end goal). As well, the fact that you took some measure means that you can't be held responsible when the thief who picked your lock and stole your shotgun later goes on to shoot up a school or convenience store.

This is the fault of consumers and the WiFI makers

There is a wonderful solution to all of the wireless security issues:

802.11i

802.11i not only plus all of the holes in WEP, it also uses AES encryption to get around all of the potential problems with RC4.

Right now, as I speak, err write, I can not buy an 802.11i complient router with AES encryption. I've looked at Netgear's site. I've looked at Linksys's site. I've looked everywhere. There was a bunch of discussion about how 802.11i was going to be the next great thing in mid-2003, then a deafening silence.

If I want 802.11i right now, I can't get it.

I think the fact of the matter is the your average user is not willing to pay for than $50 for a wireless router. It is, of course, possible to make AES work fine with a router of that costs, but it is going to take good deal of economics of scale in action to make a 1,000,000-transistor chip for implementing AES affordable at that price point.

802.11i is just not a buzzword in the buzz machine that all the tech magazines use. Until it becomes a buzzword, wireless networks will continue to be insecure.

(There is also a lot to be said for 802.11i being deployed on a wide enough scale that AES becomes ubiquitous. I would like to see special AES-specific op codes on x86 chips and have $5 co-processors available that can do AES at 100Mbps)

Re:Watergate

[Seigen]

Its ironic that leaking of politically inconvenient information is probably one of the most effective ways to get security taken seriously, at least within one organization.

Of course they may just label the people who intercepted the unencrypted information terrorists and use it as an excuse for why you must elect them ...

Do /.'s consider WPA "good enough"?

[WoTG]

How secure is secure enough? From what I can see in almost every office I've been in, finding a way to steal data (not necessarily digital format) is relatively easy. So should we really expect "perfect" security from WiFi networks?

Clearly unencrypted wireless is out, WEP too. But how about WPA? I personally feel that running VPN over WiFi would be best, but for many small businesses, the added complexity is hard to justify.

Let me put this another way, what do /.'s use at home?

Re:Unauthorized access?

[JWSmythe]

On a switched network, it could be a problem. Switches don't like seeing the same MAC address on two different ports. It would indicate a loop, in which case STP will shut down one of the ports. 50/50 chance of killing off the person you intended to duplicate.

In a wireless or hubbed environment, it's a radio broadcast.. Both MAC's would receive the signal as if they were the same machine. If you **REPLY** to them, that's a different matter.

If two machines were 192.168.1.10 with HW Addr 01:01:01:01:01:01, a ping would have a duplicate response, if both machines responded to ICMP.

If you, as the good little hacker, had your happy little firewall running to drop any incoming packets that you weren't expecting, then you'd remain invisible. You'd get extra noise coming towards you, that your machine isn't expecting, but hey, we get that on the Internet all the time anyways. :)

MOD PARENT UP!!

[Futurepower(R)]

MOD PARENT UP!! Interesting.

Re:Unauthorized access?

[bdlarkin]

You may be able to hack a card to change its mac address, but MAC address filtering will stop all but the most serious wardrivers and hackers.

Aren't those the ones you REALLY want to keep out of a government agency?

If MAC filtering is your security layer, then your network is accessibly by anybody willing to spend relatively little money to access it.