Slashdot Mirror


Government Use of WiFi Not Secure

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""


  1. Unauthorized access? by Creepy+Crawler · · Score: 2, Interesting

    Err, doesn't the FCC spank down anybody who does Wi-Fi access control (if it's NOT encrypted)?

    Yeah, breaking an auth scheme could be grounds of breaking/entering, but when it's open invite, isn't it allowed?

    You know, public airwaves and all..

    1. Re:Unauthorized access? by Anonymous Coward · · Score: 5, Informative

      MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP.

      Every corporation with any sense of security uses a DMZ + a VPN into the real network.

    2. Re:Unauthorized access? by zbuffered · · Score: 3, Informative

      Any wardriver with the capability of decrypting WEP can also change their MAC address. Check out Auditor Linux. All the tools you need at the tip of your fingers.

      --
      Synergy is your friend
    3. Re:Unauthorized access? by sxpert · · Score: 2, Funny

      well, if they say so, it's the official answer you have to give them for the test if you want to pass. then, nothing prevents you from thinking otherwise :D

    4. Re:Unauthorized access? by blowdart · · Score: 2, Informative

      Even Windows supports it; the MAC address used can be overridden in the registry.

    5. Re:Unauthorized access? by stridebird · · Score: 2, Informative

      That doesn't get you in. Not quite.

      Once you have swapped your MAC address to match another on the network, what happens next? How does the conflict resolve between two machines with the same MAC address? Not nicely...

      To be stealthy you need to observe MAC addresses, then identify when a machine has disconnected from the network. Then you can walk up and take its place at the table and eat its porridge - until it comes back. Then there's conflict again.

    6. Re:Unauthorized access? by JWSmythe · · Score: 3, Interesting

      My girlfriend's cablemodem took a dump while I was trying to do something, so I fired up Kismet, and found 6 access points within listening range.

      4 were encrypted, named "2wire###", where ### is a 3 digit number. I've been informed that those are SBC DSL routers, which *ALL* have the wireless enabled but encrypted by default.

      1 was a very weak signal

      1 was a moderately strong signal (60% to 70%), unencrypted, named "DEFAULT". Kismet said it was a DLink (if I remember right).

      I asked for an IP by DHCP, and I was on. I didn't do anything but started up ethereal, and logged everything for a few minutes.. I was trying to show my girlfriend the problems with unencrypted traffic on the Internet, and how important network security is.

      There are two machines on their network, which were both sending SMB traffic with their machine names (or descriptions). I got their Yahoo! Messenger username. I know they have weatherbug running, and saw he specific zip code. They didn't browse the net, but in one of the rare instances that my girlfriend's own cablemodem was working, I sent a message by Yahoo! Messenger, and she saw it go by in clear text. Based on the information I gathered, I knew exactly which apartment it was.

      At an unnamed casino in Vegas, I saw everything about their display boards. It would have been trivial for me to pretend to be their host, and change all the boards (winners, potential winnings, etc). I didn't though. I just emailed them when I got home, with the logs. They thanked me for pointing out the oversight. They were very good about it, so I won't say the name.

      Once in a while, I'll fire up Kismet, and go driving. Not really wardriving, just to get an idea of what the area looks like. I can see about 200 AP's from my house with a high gain antenna (24db). I can pick up about 300 driving about 10 miles with a low gain antenna (4db) stuck to the back of my laptop screen. In both cases, more than half of the AP's found are unencrypted. Random samplings showed I could get online with no problems.

      --
      Serious? Seriousness is well above my pay grade.
    7. Re:Unauthorized access? by JWSmythe · · Score: 2, Insightful


      On a switched network, it could be a problem. Switches don't like seeing the same MAC address on two different ports. It would indicate a loop, in which case STP will shut down one of the ports. 50/50 chance of killing off the person you intended to duplicate.

      In a wireless or hubbed environment, it's a radio broadcast.. Both MAC's would receive the signal as if they were the same machine. If you **REPLY** to them, that's a different matter.

      If two machines were 192.168.1.10 with HW Addr 01:01:01:01:01:01, a ping would have a duplicate response, if both machines responded to ICMP.

      If you, as the good little hacker, had your happy little firewall running to drop any incoming packets that you weren't expecting, then you'd remain invisible. You'd get extra noise coming towards you, that your machine isn't expecting, but hey, we get that on the Internet all the time anyways. :)

      --
      Serious? Seriousness is well above my pay grade.
    8. Re:Unauthorized access? by SailorFrag · · Score: 2, Interesting

      Err, not quite.

      As far as I know, STP only kills ports that STP decides are causing a loop. Seeing a MAC address on two ports just makes it think that the system has moved (think about what happens if you roam between APs) so it will direct all future packets to that MAC address to the last port it saw data come in from. So if both hosts are sending a lot of data, then the ensuing packetloss (because packets are going to the wrong place) makes it pretty miserable. If only one has a lot of traffic going, then they win most of the time, at the expense of the other. Either way, it's probably going to elicit a helpdesk call by the legitimate user if it happens for too long.

      The above description only applies when two systems have the same MAC address, but different IP addresses, and the two systems are going through different switch ports.

      If you have two machines configured with the same MAC address and the same IP address, then you basically end up with the system being unusable. Whenever a packet to the other computer is seen, the OS sends a TCP reset or ICMP port unreachable (in the case of UDP). So basically, if there's much traffic going through the two computers at all, then neither of them can get anywhere, because the connections keep getting reset constantly (as opposed to mere packetloss when the IPs are different). You'd need a firewall on /both/ systems to avoid sending the reset responses for any hope of it working (and even then, you only end up as good as the two-IP scenario).

      If you have two systems with the same MAC address but different IPs on the same AP/hub, then you can at least have a reasonable hope it'd work. I don't know if sane APs would let two instances of the same MAC address successfully associate though. I don't know how the association process works, so I can only speculate.
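
Added example (not part of any comment in this thread): a defender can use the behaviour described in the comment above, where a switch keeps re-learning one MAC address on different ports, to tell a cloned address from ordinary roaming. The log format, function names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of a switch MAC-learning log (hypothetical format):
# <ISO timestamp> learn <mac> port=<port>
SAMPLE_LOG = """\
2005-05-18T10:00:00 learn 00:aa:bb:cc:dd:01 port=ap1
2005-05-18T10:00:05 learn 00:aa:bb:cc:dd:02 port=ap1
2005-05-18T10:00:09 learn 00:aa:bb:cc:dd:01 port=ap2
2005-05-18T10:00:12 learn 00:aa:bb:cc:dd:01 port=ap1
2005-05-18T10:00:15 learn 00:aa:bb:cc:dd:01 port=ap2
2005-05-18T10:00:21 learn 00:aa:bb:cc:dd:01 port=ap1
2005-05-18T10:07:30 learn 00:aa:bb:cc:dd:02 port=ap2
"""


def parse_line(line):
    """Return (timestamp, mac, port) for one learn event, or raise ValueError."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "learn" or not parts[3].startswith("port="):
        raise ValueError("unrecognised log line: %r" % line)
    return datetime.fromisoformat(parts[0]), parts[2].lower(), parts[3][5:]


def find_mac_flaps(log_text, window_s=60, min_moves=3):
    """Flag MACs that change port at least min_moves times within window_s seconds.

    A single move looks like a client roaming between APs and is not flagged.
    Repeated moves back and forth mean two transmitters are using one address.
    """
    last_port = {}                 # mac -> port it was last learned on
    recent = defaultdict(deque)    # mac -> recent moves as (time, from, to)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, mac, port = parse_line(line)
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue               # first sighting, or no move
        moves = recent[mac]
        moves.append((ts, prev, port))
        # Drop moves that have aged out of the sliding window.
        while (ts - moves[0][0]).total_seconds() > window_s:
            moves.popleft()
        if len(moves) >= min_moves:
            seen = flagged.get(mac)
            if seen is None or len(moves) > seen["moves"]:
                flagged[mac] = {
                    "moves": len(moves),
                    "ports": sorted({p for _, a, b in moves for p in (a, b)}),
                    "first": moves[0][0],
                    "last": ts,
                }
    return flagged


if __name__ == "__main__":
    for mac, info in find_mac_flaps(SAMPLE_LOG).items():
        print(mac, "moved", info["moves"], "times between", info["ports"])
```
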

    9. Re:Unauthorized access? by pointbeing · · Score: 2, Interesting
      "MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP."

      Standing up WiFi on a federal network is a lot like herding cats ;-)

      I'm the project manager responsible for standing up WiFi access on a fair-sized Department of Defense installation. If the wireless network is configured according to DoD security technical implementation guides (STIGs) it can be fairly secure.

      You're correct that MAC filtering alone isn't real secure but we use MAC filtering as one component in a 'defense in depth' strategy.

      You're also correct that DMZ + VPN is the only way that makes sense to stand up a wireless network and in DoD that's the only way you *can* stand one up if it connects to a trusted network ;-)

      The amusing thing for me was that when my boss handed me this project he thought I was gonna throw up a buncha access points and call it a network. This building is 13 stories high and has about 2500 users - and would produce the wireless footprint from hell if I'd let the boss have his way.

      Instead, I told him the IDS pieces needed to be in place first - and we're using a reasonably effective network of AirDefense and Cisco WLSE - if you stand up a rogue AP or an ad hoc network in this building the system will close the ethernet ports feeding the device(s) and shoot an email to the federal cops in the building. I figure about ten minutes after you power the thing up someone with a uniform will be tapping on your shoulder ;-)

      All WiFi connections to trusted resources on this network are encrypted - as a matter of fact there's a DoD requirement to encrypt the hard drive of any wireless device connecting to a trusted resource.

      So far the biggest challenge for us has been antenna selection and tuning WAP output power so the network doesn't radiate any farther than we'd like it to and we've had pretty fair results so far. But - anybody working for the federal government who thinks you should just throw up a buncha access points and call it a network needs to be fired or killed or both ;-)

      My choice for WiFi security is a combination of private networks, the DMZ + VPN idea you had (which is a DoD requirement), MAC filtering, strategic placement of intrusion detection resources, client-server encryption (we use AirFortress), domain policies that prevent network bridging, denying access to anything that isn't 802.11g and so on. There's also a requirement that the WiFi network can't share any physical infrastructure with the trusted network - so the only infrastructure pieces the wired and wireless network share are patch panels ;-)

      If you walk into my building with an unauthorized WiFi device you'll be able to connect to my Comcast cable modems in three or four public areas, but if you really want on my network you might be able to get on -

      But I'm gonna make you work for access ;-)

      --
      we see things not as they are, but as we are.
      -- anais nin
    10. Re:Unauthorized access? by bdlarkin · · Score: 2, Insightful

      You may be able to hack a card to change its mac address, but MAC address filtering will stop all but the most serious wardrivers and hackers.

      Aren't those the ones you REALLY want to keep out of a government agency?

      If MAC filtering is your security layer, then your network is accessible by anybody willing to spend relatively little money to access it.

    11. Re:Unauthorized access? by Q2Serpent · · Score: 2, Funny

      "I know they have weatherbug running, and saw he [sic] specific zip code."

      +1 for most bizarre method to determine the zip code you are in right now...

  2. Unauthorized Activity by flood6 · · Score: 4, Interesting
    "...they were able to find examples of unauthorized activity at all six as well."

    It wasn't clear in TFA either, but do they mean a little pr0n surfing/p2p going on or active hack attempts were found?

  3. Of course! by mrseigen · · Score: 3, Funny

    If it's insecure that provides a perfectly valid explanation for unauthorized behaviour.

    "I didn't hit porn, must have been some drive-bys on our wireless network"

  4. Re:It is the US government by FireballX301 · · Score: 2, Insightful

    1. In densely packed office buildings, it is in fact cheaper (in terms of material and labor, nobody wants to bust down walls to insert cabling) to just have wireless and put repeater antennas everywhere.

    2. $20,000 for a toilet seat breaks down into this:

    $19975 for secret black-ops projects nobody will ever hear about.

    $24 for the Toilet Seat

    $1 for the liability insurance. You know, from the dangers a toilet seat can cause.

  5. If this were 2003..... by Anonymous Coward · · Score: 5, Interesting
    then there would be no huge issue. But with tools like - Airsnort for Unix, NetStumbler for Windows and MacStumbler for Mac, there is no excuse for this.

    I would consider it to be criminally negligent.

    It is a shame that they allow these agencies to receive funding or for their IS / IT departments to still have jobs.

    Let's stop talking about Filibusters and start talking National Security.

    1. Re:If this were 2003..... by TWX · · Score: 5, Informative

      "It is a shame that they allow these agencies to receive funding or for their IS / IT departments to still have jobs."

      I work for a large IT department for a government-based organization. The users don't call us when they get new equipment frequently unless it doesn't work. With all of these wireless devices coming 'ready to go' out of the box we don't usually find them unless we physically stumble across them or unless the DHCP server in the device is handing out addresses on the LAN at the site and therefore breaking connectivity for the users.

      Yes, it is technically possible to note the MAC address of a device when it comes on the network and compare it to a table of kinds of equipment, but there are 11 field technicians, four network engineers, and two cable/infrastructure technicians for 25,000 machines. We don't get the funding for supplies, equipment, or manpower that we need, we don't get support from higher-ups in the organization, and we are left being reactionary. Even worse yet, some of the agency-level higher-ups are all about 'new technology' without giving us the resources to thoroughly investigate it and how it will impact our network, and half of the time they don't even figure out why the users need such technology before allowing them to order it.

      We have machines running from average as low as Windows 95 (though I do still encounter Windows for Workgroups 3.11 in rare cases) and MacOS 7.5.3. Most days I'm astounded that things work as well as they do, let alone at all.

      --
      Do not look into laser with remaining eye.
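
Added example (not part of any comment in this thread): the check the comment above describes, comparing MAC addresses seen on the network against an equipment table, plus a flag for DHCP replies coming from unapproved servers. The event format, inventory and OUI watch-list are constructed for illustration; a real watch-list would be built from the IEEE OUI registry.

```python
import re

# DHCP message types that only a server should ever send.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed events, as a passive DHCP listener might record them
# (hypothetical key=value format).
SAMPLE_EVENTS = """\
type=DISCOVER src_mac=00:10:20:30:40:01 port=fl3-12
type=OFFER src_mac=00:10:20:aa:00:01 src_ip=10.1.0.2 port=core-1
type=OFFER src_mac=02:de:ad:00:00:07 src_ip=192.168.1.1 port=fl3-17
type=REQUEST src_mac=02:de:ad:00:00:07 port=fl3-17
type=REQUEST src_mac=00:10:20:30:40:99 port=fl5-02
"""

# Constructed reference tables.
INVENTORY = {"00:10:20:30:40:01", "00:10:20:aa:00:01"}   # known equipment
DHCP_SERVERS = {"00:10:20:aa:00:01"}                      # approved servers
WATCH_OUIS = {"02:de:ad": "consumer wireless router (constructed entry)"}


def parse_event(line):
    """Parse one key=value event line into a dict with a normalised MAC."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    for key in ("type", "src_mac", "port"):
        if key not in fields:
            raise ValueError("missing %s in %r" % (key, line))
    fields["src_mac"] = fields["src_mac"].lower()
    if not MAC_RE.match(fields["src_mac"]):
        raise ValueError("bad MAC in %r" % line)
    return fields


def audit_events(events_text, inventory, dhcp_servers, watch_ouis):
    """Return {(mac, port): [reasons]} for devices that need a site visit.

    The OUI match is only a hint: a MAC address can be changed, so an
    unlisted prefix does not clear a device that is missing from inventory.
    """
    findings = {}
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        mac, port = ev["src_mac"], ev["port"]
        reasons = findings.setdefault((mac, port), set())
        if ev["type"] in SERVER_MSGS and mac not in dhcp_servers:
            reasons.add("rogue-dhcp-server")
        if mac not in inventory:
            reasons.add("not-in-inventory")
            if mac[:8] in watch_ouis:
                reasons.add("wireless-vendor-oui")
    return {key: sorted(r) for key, r in findings.items() if r}


if __name__ == "__main__":
    report = audit_events(SAMPLE_EVENTS, INVENTORY, DHCP_SERVERS, WATCH_OUIS)
    for (mac, port), reasons in sorted(report.items()):
        print(port, mac, ", ".join(reasons))
```
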
    2. Re:If this were 2003..... by _Sprocket_ · · Score: 2, Informative
      "It is a shame that they allow these agencies to receive funding or for their IS / IT departments to still have jobs."

      There's several issues here.

      First - the money tends to be tight in government IT. This leads to some impact on hardware but a much, much larger impact on personnel. Government IT shops just don't pay what they should. So you either end up with a staff of the best you could afford (but far from the best) and / or a select few dedicated, really good people who are vastly over-worked.

      Secondly - the US Government is the ultimate bureaucracy. It rarely resembles a meritocracy in any shape or form. Civil Servants tend to end up in IT positions for any other reason than technical competence. Consequently, IT contracts tend to be fairly inconsistent when it comes to technical performance (although the metrics will always show otherwise).

      Finally - this is a security issue. IT shops are concerned about making widgets work, not making them secure. When the pressure is on due to limited funds and limited competence, IT will err on the side of functionality; they'll get a widget running. That tends to tip against the inverse relationship with security.

      Having said that... the one thing that I like about that statement is the fact that the Gov't bureaucracy lives and dies by its budget. Your group is only as powerful as your budget makes you. Fat budgets display and bestow power. So affecting an organization's budget is guaranteed to get their attention. The trick would be to do it in a manner that doesn't simply make the problem worse.

      One final comment - the US Government just isn't good with Infosec. There are notable exceptions. But as a whole, they make a soft target. Any kiddie who boasts about tagging a .gov is simply showing stupidity. The US Government is not strong in Infosec - but they fully know how to operate Law. Note that the recent stories about arrests and investigations connected with Cisco IOS code leaks didn't happen because of Cisco - they happened because the individual(s) involved also compromised a considerable number of Government systems.
  6. This problem is a lot more common by PalmMP3 · · Score: 5, Informative
    The article mentions this problem only in regard to government agencies, but the truth is, it happens all over (in regular businesses) as well. I'm not talking about /.ers who get free broadband through their neighbors' open networks; I'm talking about businesses where one employee decides to make his life a little easier by setting up his own personal mini-network - but unknowingly putting the entire company's network at risk.

    Indeed, NetStumbler's help file even suggests such a scenario as one possible use for the program:

    " Wireless LAN Auditing

    A corporate network administrator needs assurance that the wired LAN is not being exposed to unauthorized users. This can often happen when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs.
    "

    At least now that this story has hit the news, perhaps more people will wake up to the danger and try to secure their critical networks (as long as they leave open at least one for me to use as a wi-fi hotspot ;-)).

    --
    Laughter is the best medicine, but in certain situations the Heimlich maneuver may be more appropriate.
  7. Really? by tengwar · · Score: 3, Interesting

    I'm always a bit doubtful of these surveys. Some companies run an open network, but to reach any network resources you need to set up a VPN. This avoids possible problems with air-side encryption (yes, I know there are many other solutions) and allows visitors to use the network.

    1. Re:Really? by petecarlson · · Score: 4, Interesting

      Doubtful? I have done consultations for companies that were having problems accessing their mail server because their computers were connecting to the company next door's APs. It seemed that both companies were using linksys access points... SSID "linksys". The whole time they had been using each other's connections and neither had a clue.

      CP

  8. No surprise, Sherlock... by __aaclcg7560 · · Score: 3, Funny

    The reason why radio frequencies keep leaking out of these government buildings is because they removed the lead paint from the walls. Now they are going to spend a few million USDs putting the lead paint back on the walls. No wonder the White House is complaining about leaks to the media.

  9. Watergate by porp · · Score: 3, Funny

    Maybe in the next presidential elections concerning a power hungry, i-must-crush-my-opponent-candidate, there will be a wireless-tapping scandal that takes place in the parking lot of the Watergate hotel instead of the actual room.

    Obviously, that sets up Forrest Gump II where the Forrest character spots a couple of geeks trying to jump start their van because their surveillance equipment drained the battery.

    porp

    1. Re:Watergate by Seigen · · Score: 3, Insightful
      It's ironic that leaking of politically inconvenient information is probably one of the most effective ways to get security taken seriously, at least within one organization.

      Of course they may just label the people who intercepted the unencrypted information terrorists and use it as an excuse for why you must elect them ...

  10. Re:why are they using local 802.11b at all? by appleLaserWriter · · Score: 2

    "Precious few government agencies need wireless access anyway, and those who do generally know how to handle it."

    Could you expand upon that comment please? Why don't government workers need laptops? They seem to make private sector high-tech workers more efficient, why shouldn't the government have access to these efficiencies? After all, government workers were the original Information Technology workers. They didn't just invent digital computers, but also made extensive use of pre-computer information technology.

  11. Are there any safe (hardware) protocols? by Phoenixhunter · · Score: 3, Interesting
    It seems that just about every form of current encryption has a proof of concept on cracking it. WEP, WPA, LEAP, IPSec, etc.

    About the only solution I've seen is the airFortress product that utilizes a client that encrypts all data and decrypts it through a hardware device that interfaces with the access points. Military has been using it for a bit.

    1. Re:Are there any safe (hardware) protocols? by Hi_2k · · Score: 3, Interesting

      There's a distinction between a theoretical crack and a real one. Theoretically, I could try every 1024 bit key against my GAIM-Encryption messages, and I would eventually find the proper key to decrypt them. It's even possible that there are simpler ways to do it. However, what matters is that it will take sufficiently long that the data is no longer so sensitive. Knowing about next month's troop deployments in Iraq is of little use to terrorists in the year 2010.

      --
      When life gives you crap, Make Crapade.
      Sluggy Freelance.
    2. Re:Are there any safe (hardware) protocols? by tildebeast · · Score: 5, Interesting

      In the Army we use Cisco Aironets and Air Fortress products. Mostly we use it for PTP access to remote locations. However, there is software that can be installed on laptops that allows the client to connect while out and about in the motor pool. We have tried several times to crack our own system, each time resulting in failure. We can use a Linux box and Kismet, and other nameless tools, to crack into the multiple WEP keys, but the Air Fortress encryption eludes us. We have not had any unallowed access to our system in the 7 months we have been in Iraq.

    3. Re:Are there any safe (hardware) protocols? by Beryllium+Sphere(tm) · · Score: 2, Informative

      At a guess, the grandparent is referring to the possibility of dictionary attacks on WPA in Pre Shared Key mode and the recent announcement that if you run encryption without authentication in IPSEC then attackers can flip bits and see what happens.

      In other words, the crypto doesn't protect you against choosing weak passwords or against choosing a stupid combination of configuration settings in IPSEC.

      The crypto algorithms themselves seem to be holding up OK. If you use WPA as intended (with a Radius server) and use an implementation of IPSEC that doesn't make stupid choices for you then you're safe from the publicized vulnerabilities.

  12. big deal by j1m+5n0w · · Score: 2, Interesting

    So, some government agencies use unsecured wireless networks, and some people might even be leeching off of them for internet access. That might or might not be a real security issue, depending on if they're using their wireless network for sensitive applications and if those applications aren't using end-to-end encryption for their applications and if their wireless networks aren't firewalled away from the rest of their network. Perhaps the actual report describes the vulnerabilities in greater detail than this article, but I don't see how the mere presence of an unsecured wireless network is necessarily something to get worked up about.

  13. Open WIFI == Good by xiando · · Score: 3, Interesting

    I know many disagree with me on this, but personally I think that open WIFI networks are a very good thing. And I encourage all Wifi administrators to open up their networks for all! This is quite safe if you secure the private services on the networks so random people only have access to the Internet. Think of it like this: You allow a few people to use the Internet from your home in exchange for being able to use the Internet when you are other places. If everybody with a Wifi does this then we will eventually have a global free Internet available everywhere for all. Again, having an open Wifi is no threat to you IF you simply secure the services running on the Wifi! And this is, in fact, a much better approach than having a firewall and relying on that for security...

    1. Re:Open WIFI == Good by Osty · · Score: 5, Insightful

      That sounds great, right up to the point where some pervert uses your open wi-fi to download child porn which is then traced back to your IP, or some l33t hax0r d00d tries to crack into military servers. And of course all of this is ignoring the fact that most ISPs specifically deny you the right to share your access this way. There are a few like Speakeasy that don't care or even encourage it, but Speakeasy's service sucks (I know, I had DSL with them for two years), and none of them legally protect you if someone using your connection does something illegal or at least against their AUP.

      You could go hardcore setting up a walled garden, authentication system, and the whole nine yards, but you really don't have to. Even doing something as simple as enabling WEP on your AP is enough for the casual browser. It's certainly not 100% secure, and anybody with malicious intent could easily crack your key in minutes, but that's not the point. It's a deterrent and a source of plausible deniability. A thief could easily pick the lock on your door, but the simple act of locking your door will keep most people out (the end goal). As well, the fact that you took some measure means that you can't be held responsible when the thief who picked your lock and stole your shotgun later goes on to shoot up a school or convenience store.

  14. Wrong metal!Re:The Pentagon Needs Aluminum Siding. by Anonymous Coward · · Score: 2, Funny

    No, it should be tin, not aluminum. Does aluminum protect you from the mind-control rays of the secret government? No, but tin does. Does aluminum protect you from Bush's thought police? Nope, only tin can protect you. So, if we wrap all of the government buildings in tin, we'll all be safe from their harmful effects (except all the legislation, of course. However, if we forget to poke air holes...).

    Some of the older posters might point out that "tin foil" caps were good enough to protect them from the government's mind control and thought reading devices of their day, "and it outta be good enough for you". I concur, however, "tin foil" no longer contains tin! Yes, it's really aluminum foil, and people just still call it tin foil. This was a plot by the government to fool people into believing that they were safe from government control. Soon, the black helicopters will be hovering over your doublewide as black-clad stormtroopers burst into your home and disappear you.

  15. Re:WiMax by petecarlson · · Score: 2, Informative

    You were so close to being partially right but you're wrong. Yes, wimax devices can be made in the licensed spectrum, but they can also be used in the un-licensed spectrum. It is likely that we will see 5.8 GHz wimax gear in the US as the "listen first" protocol required in the opening of 5.3 is not compatible with the polling protocol specified in the wimax standard.

    CP

  16. This is the fault of consumers and the WiFI makers by Anonymous Coward · · Score: 5, Insightful

    There is a wonderful solution to all of the wireless security issues:

    802.11i

    802.11i not only plugs all of the holes in WEP, it also uses AES encryption to get around all of the potential problems with RC4.

    Right now, as I speak, err write, I can not buy an 802.11i compliant router with AES encryption. I've looked at Netgear's site. I've looked at Linksys's site. I've looked everywhere. There was a bunch of discussion about how 802.11i was going to be the next great thing in mid-2003, then a deafening silence.

    If I want 802.11i right now, I can't get it.

    I think the fact of the matter is that your average user is not willing to pay more than $50 for a wireless router. It is, of course, possible to make AES work fine with a router of that cost, but it is going to take a good deal of economies of scale in action to make a 1,000,000-transistor chip for implementing AES affordable at that price point.

    802.11i is just not a buzzword in the buzz machine that all the tech magazines use. Until it becomes a buzzword, wireless networks will continue to be insecure.

    (There is also a lot to be said for 802.11i being deployed on a wide enough scale that AES becomes ubiquitous. I would like to see special AES-specific op codes on x86 chips and have $5 co-processors available that can do AES at 100Mbps)

  17. Do /.'s consider WPA "good enough"? by WoTG · · Score: 2, Insightful

    How secure is secure enough? From what I can see in almost every office I've been in, finding a way to steal data (not necessarily digital format) is relatively easy. So should we really expect "perfect" security from WiFi networks?

    Clearly unencrypted wireless is out, WEP too. But how about WPA? I personally feel that running VPN over WiFi would be best, but for many small businesses, the added complexity is hard to justify.

    Let me put this another way, what do /.'s use at home?

  18. Thin client by Colin+Smith · · Score: 3, Informative
    Seriously!

    I don't suppose you really have any control left but when things are getting that bad it's your only sane option. (It's the only sane option when you're getting to 100+ clients anyway). Allowing users to design your IT infrastructure is pure madness, entropy inevitably turns your network to mush.

    Even Windows Terminal Server, expensive as it is, is better than 25,000 desktops. We use LTSP and an array of Linux and Sun servers[1] tied together with Sun Grid Engine[2] to provide what the users think of as a single system, "The Grid". It was a remarkably easy sale to management, but we were coming from a largely Unix environment. It's a bit more difficult with Windows; the array of smallish servers approach is far more expensive to implement than Linux.

    [1] many of them ex workstations and desktops.

    [2] Though Condor looks like a good option.

    --
    Deleted
  19. Secure Wireless for Government by DaemonTW · · Score: 4, Informative

    Solutions exist to implement secure WiFi, but it comes with a cost.

    Harris makes an encrypted PCMCIA 802.11b based card that has high grade encryption built in. It certainly makes the system impossible to get into, but they're far from cheap ($2k+).

    Product: SecNet11

    In the end, a lot of the exploitable networks come from either poor management, lack of information or lack of control within government areas.

    --
    www.techwatch.com.au
  20. Re:why are they using local 802.11b at all? by terminal.dk · · Score: 2, Interesting

    A laptop without wireless is still a laptop. It isn't that difficult to use a network cable.

    Of course it prevents you from bringing the laptop to the bathroom.

  21. No by harris+s+newman · · Score: 2, Interesting

    I have implemented wifi for several parks for a large city. We place the network on the outside of our internal network. We allow anyone to connect to the network after agreeing to a pop-up stating our acceptable use policy. Exactly how can this be conceived as insecure?

  22. Army does it a bit better. by mgargett · · Score: 3, Informative

    Check out the Army's wireless BBP:
    http://www.igov.com/informationtech/contracts/BBP%20Wireless%201_25(Final).pdf

    I can't link to the original because it's behind Army infrastructure, but I found a link out in the real world. It's not too bad. On Army installations, you are required to do layer 2 encryption, which is pretty good. However, the "road warriors" are not required to do layer 2 on the road. Layer 2 is not an easy thing, as we are finding...

  23. News at 11 by spikedvodka · · Score: 3, Funny

    WiFi is insecure when used improperly

    and in other news

    The government is still a bloated inefficient model of stupidity

    Water is still wet

    and

    New study proves that Fish's skin is wet

    --
    I will not give in to the terrorists. I will not become fearful.
  24. Re:Wrong metal!Re:The Pentagon Needs Aluminum Sidi by userlame · · Score: 2, Funny

    Scratch that. I'll be heading to my local bookstore for a reading comprehension book posthaste. Do they make books about reading comprehension? That blows my mind.

  25. Re:Can't blame them the unauthorized entries. by eUdudx · · Score: 2, Interesting

    Quoted from parent mod'd off-topic:

    Sadly, I really do not blame those that come in through the back door when so many are simply stealing from the front door.

    WindBourne has a technical point, at the end of his non-slashdot-compative rant: even before wireless became useful/cheap/widespread, many folks feared any physical connection to a network that was "insecure"....for example, a Sun JumpStart server allowed (gasp) anonymous ftp access for images.

  26. Not surprised. WiFi's too effin' complicated. by crovira · · Score: 2, Interesting

    For what it does, displacing/replacing the cost and aesthetics of cat5 cable, wireless does a very bad job of it.

    Quite apart from the security aspect, which was handled by slapping WEP on it, it's a mess.

    It can and does work with extremely simple networks (one transmitter, many receivers,) but it is absolutely terrible at topologies with repeaters.

    Apple's Airport and 'Bonjour' (previously called 'RendezVous') is one of the worst at letting you build network topologies.

    I have scrapped my AirPort base and a couple of 'pucks' because I, a friend AND a network guy I paid for were unable to set up my network.

    I am now running a network of Macs and Windows PCs on a single LinkSys wireless router because I'd had one since moving to my new place and NOT laying down some cable.

    It was simple, secure (WEP & destination addresses so only a few IP addresses are actually exposed and port filtering,) and easy to install.

    As for AirPort, Apple's vaunted skills at GUI utterly failed them this time. It's a dog's breakfast of confusing and seemingly contradictory options, 'build' directions and concepts which just don't friggin work.

    I'm out $300 bucks on the Airport equipment but two guys and myself are much wiser when it comes to wireless. Friends don't let friends buy Airport.

    Nice try Apple, but building networks should not be magic where you're never sure if doing one thing just undid another.

    Your current GUI approach is totally inadequate, TOTALLY.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  27. Not the FDA though by BitterAndDrunk · · Score: 2, Interesting

    The FDA IT department is actually pretty good. They've disallowed all wireless routers, and actually patrol the halls of the Fisher Lane building (the main HQ for the FDA, located in Rockville, MD) sniffing for illegal wireless routers to shut down.

    If they can ever get away from the "use two consulting firms in an adversarial role" implementation model, they might see some benefits to their IT advances.

    --
    You better watch out, there may be dogs about . . .
  28. Link to the actual report. by jeblucas · · Score: 2, Informative

    This might be "US citizen's-only" technically, but the report itself is available on the web here. It's a 1.5MB PDF. You can also request a free printed copy of this or any GAO report here. (This report is GAO-05-383.)

    --
    blarg.
  29. Re:It is the US government by Elvisisdead · · Score: 2, Informative

    Spot on. The other part is that the request for the toilet seat stated that it should be able to touch a human ass without freezing it at -10 degrees and still be cool to the touch at 125 degrees. Also needs to be equally comfortable for both sexes and should have a service life of 75 years.

    --

    "Want in one hand and spit in the other and see which one fills up first." - My Dad
  30. Not at NASA by alispguru · · Score: 3, Interesting

    At least, not at Goddard where I work. NASA used to be an easy target for crackers, but we've tightened up a lot since those days. Network security around here wardrives the grounds, and people with guns (!) will show up if they detect an unauthorized access point.

    --

    To a Lisp hacker, XML is S-expressions in drag.
  31. Re:It is the US government by budgenator · · Score: 2, Informative

    also requires said "toilet seat" be an
    1. integrated structural part of the airframe,
    2. not release toxic gases on contact with combustion,
    3. upon catastrophic failure not pose a physical hazard to the aircrew,

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds