Slashdot Mirror
Government Use of WiFi Not Secure
Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""
It wasn't clear in TFA either, but do they mean a little pr0n surfing/p2p going on or active hack attempts were found?
SEO Firefox Extension
If it's insecure that provides a perfectly valid explanation for unauthorized behaviour.
"I didn't hit porn, must have been some drive-bys on our wireless network"
I would consider it to be criminally negligent.
It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs.
Lets stop talking about Filibusters and start talking National Security
Indeed, NetStumbler's help file even suggests such a scenario as one possible use for the program:
" Wireless LAN Auditing
A corporate network administrator needs assurance that the wired LAN is not being exposed to unauthorized users. This can often happen when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs."
At least now that this story has hit the news, perhaps more people will wake up to the danger and try to secure their critical networks (as long as they leave open at least one for me to use as a wi-fi hotspot ;-)).
Laughter is the best medicine, but in certain situations the Heimlich maneuver may be more appropriate.
I'm always a bit doubtful of these surveys. Some companies run an open network, but to reach any network resources you need to set up a VPN. This avoids possible problems with air-side encryption (yes, I know there are many other solutions) and allows visitors to use the network.
The reason why radio frequencies keep leaking out of these government buildings is because they removed the lead paint from the walls. Now they are going to spend a few million USDs putting the lead paint back on the walls. No wonder the White House is complaining about leaks to the media.
Maybe in the next presidential elections concerning a power hungry, i-must-crush-my-opponent-candidate, there will be a wireless-tapping scandal that takes place in the parking lot of the Watergate hotel instead of the actual room.
Obviously, that sets up Forrest Gump II where the Forrest character spots a couple of geeks trying to jump start their van because their surveillance equpiment drained the battery.
porp
About the only solution I've seen is the airFortress product that utilizes a client that encrypts all data and decrypts it through a hardware device that interfaces with the access points. Military has been using it for a bit.
MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP.
Every corporation with any sense of security uses a DMZ + a VPN into the real network.
I know many disagree with me on this, but personally I think that open WIFI networks is a very good thing. And I encourage all Wifi administrators to Open up their networks for all! This is quite safe if you secure the private services on the networks so random people only have access to the Internet. Think of it like this: You allow a few people to use the Internet from your home in exchange of being able to use the Internet when you are other places. If everybody with a Wifi does this then we will eventually have a global free Internet available everywhere for all. Again, having a Open Wifi is no threat to you IF you simply secure the services running on the Wifi! And this is, in fact, a much better approach than having a firewall and relying on that for security...
9/11: Never forget it was a false-flag operation
Any wardriver with the capability of decrypting WEP can also change their MAC address. Check out Auditor Linux. All the tools you need at the tip of your fingers.
Synergy is your friend
There is a wonderful solution to all of the wireless security issues:
802.11i
802.11i not only plus all of the holes in WEP, it also uses AES encryption to get around all of the potential problems with RC4.
Right now, as I speak, err write, I can not buy an 802.11i complient router with AES encryption. I've looked at Netgear's site. I've looked at Linksys's site. I've looked everywhere. There was a bunch of discussion about how 802.11i was going to be the next great thing in mid-2003, then a deafening silence.
If I want 802.11i right now, I can't get it.
I think the fact of the matter is the your average user is not willing to pay for than $50 for a wireless router. It is, of course, possible to make AES work fine with a router of that costs, but it is going to take good deal of economics of scale in action to make a 1,000,000-transistor chip for implementing AES affordable at that price point.
802.11i is just not a buzzword in the buzz machine that all the tech magazines use. Until it becomes a buzzword, wireless networks will continue to be insecure.
(There is also a lot to be said for 802.11i being deployed on a wide enough scale that AES becomes ubiquitous. I would like to see special AES-specific op codes on x86 chips and have $5 co-processors available that can do AES at 100Mbps)
I don't suppose you really have any control left but when things are getting that bad it's your only sane option. (It's the only sane option when you're getting to 100+ clients anyway). Allowing users to design your IT infrastructure is pure madness, entropy inevitably turns your network to mush.
Even Windows Terminal Server expensive as it is, is better than 25,000 desktops. We use LTSP and an array of Linux and Sun servers[1] tied together with Sun Grid Engine[2] to provide what the users think of as a single system, "The Grid". It was a remarkably easy sale to management, but we were coming from a largely Unix environment. It's a bit more difficult with Windows, the array smallish servers approach is is far more expensive to implement than Linux.
[1] many of them ex workstations and desktops.
[2] Though Condor looks like a good option.
Deleted
Solutions exist to implement secure WiFi, but it comes with a cost.
Harris makes an encrypted PCMCIA 802.11b based card that has high grade encryption built in. It certainly makes the system impossible to get into, but they're far from cheap ($2k+).
Product: SecNet11
In the end, a lot of the exploitable networks comes from either poor management, lack of information or lack of control within government areas.
www.techwatch.com.au
Check out the Army's wireless BBP:% 20Wireless%201_25(Final).pdf
http://www.igov.com/informationtech/contracts/BBP
I can't link to the original because it's behind Army infrastructure, but I found a link out in the real world. It's not too bad. On Army installations, you are required to do layer 2 encryption, which is pretty good. However, the "road warriors" are not required to do layer 2 on the road. Layer 2 is not an easy thing, as we are finding...
My girlfriend's cablemodem took a dump while I was trying to do something, so I fired up Kismet, and found 6 access points within listening range.
4 were encrypted, named "2wire###", where ### is a 3 digit number. I've been informed that those are SBC DSL routers, which *ALL* have the wireless enabled but encrypted by default.
1 was a very weak signal
1 was a moderately strong signal (60% to 70%), unencrypted, named "DEFAULT". Kismet said it was a DLink (if I remember right).
I asked for an IP by DHCP, and I was on. I didn't do anything but started up ethereal, and logged everything for a few minutes.. I was trying to show my girlfriend the problems with unencrypted traffic on the Internet, and how important network security is.
There are two machines on their network, which were both sending SMB traffic with their machine names (or descriptions). I got their Yahoo! Messenger username. I know they have weatherbug running, and saw he specific zip code. They didn't browse the net, but in one of the rare instances that my girlfriend's own cablemodem was working, I sent a message by Yahoo! Messenger, and she saw it go by in clear text. Based on the information I gathered, I knew exactly which apartment it was.
At an unnamed casino in Vegas, I saw everything about their display boards. It would have been trivial for me to pretend to be their host, and change all the boards (winners, potential winnings, etc). I didn't though. I just emailed them when I got home, with the logs. They thanked me for pointing out the oversight. They were very good about it, so I won't say the name.
Once in a while, I'll fire up Kismet, and go driving. Not really wardriving, just to get an idea of what the area looks like. I can see about 200 AP's from my house with a high gain antenna (24db). I can pick up about 300 driving about 10 miles with a low gain antenna (4db) stuck to the back of my laptop screen. In both cases, more than half of the AP's found are unencrypted. Random samplings showed I could get online with no problems.
Serious? Seriousness is well above my pay grade.
WiFi is insecure when used improperly
and in other news
The government is still a bloated inefficient model of stupidity
Water is still wet
and
New study proves that Fish's skin is wet
I will not give in to the terrorists. I will not become fearful.
At least, not at Goddard where I work. NASA used to be an easy target for crackers, but we've tightened up a lot since those days. Network security around here wardrives the grounds, and people with guns (!) will show up if they detect an unauthorized access point.
To a Lisp hacker, XML is S-expressions in drag.