Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Use of WiFi Not Secure

Posted by samzenpus on from the be-more-secure dept.

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""

10 of 220 comments (clear)

  1. Unauthorized Activity by flood6 · · Score: 4, Interesting
    ...they were able to find examples of unauthorized activity at all six as well.

    It wasn't clear in TFA either, but do they mean a little pr0n surfing/p2p going on or active hack attempts were found?

    --
    SEO Firefox Extension
  2. If this were 2003..... by Anonymous Coward · · Score: 5, Interesting
    then there would be no huge issue. But with tools like - Airsnort for Unix, NetStumbler for Windows and MacStumbler for Mac, there is no excuse for this.

    I would consider it to be criminally negligent.

    It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs.

    Lets stop talking about Filibusters and start talking National Security

    1. Re:If this were 2003..... by TWX · · Score: 5, Informative

      "It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs."

      I work for a large IT department for a government-based organization. The users don't call us when they get new equipment frequently unless it doesn't work. With all of these wireless devices coming 'ready to go' out of the box we don't usually find them unless we physically stumble across them or unless the DHCP server in the device is handing out address on the LAN at the site and therefore breaking connectivity for the users.

      Yes, it is technically possible to note the MAC address of a device when it comes on the network and compare it to a table of kinds of equipment, but there are 11 field technicians, four network engineers, and two cable/infrastructure technicians for 25,000 machines. We don't get the funding for supplies, equipment, or manpower that we need, we don't get support from higher-ups in the organization, and we are left being reactionary. Even worse yet, some of the agency-level higherups are all about 'new technology' without giving us the resources to thoroughly investigate it and how it will impact our network, and half of the time they don't even figure out why the users need such technology for before allowing them to order it.

      We have machines running from average as low as Windows 95 (though I do still encounter Windows for Workgroups 3.11 in rare cases) and MacOS 7.5.3. Most days I'm astounded that things work as well as they do, let alone at all.

      --
      Do not look into laser with remaining eye.
  3. This problem is a lot more common by PalmMP3 · · Score: 5, Informative
    The article mentions this problem only in regard to government agencies, but the truth is, it happens all over (in regular businesses) as well. I'm not talking about /.ers who get free broadband through their neighbors open networks; I'm talking about businesses where one employee decides to make his life a little easier by setting up his own personal mini-network - but unknowingly putting the entire company's network at risk.

    Indeed, NetStumbler's help file even suggests such a scenario as one possible use for the program:

    " Wireless LAN Auditing

    A corporate network administrator needs assurance that the wired LAN is not being exposed to unauthorized users. This can often happen when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs.    "

    At least now that this story has hit the news, perhaps more people will wake up to the danger and try to secure their critical networks (as long as they leave open at least one for me to use as a wi-fi hotspot ;-)).

    --
    Laughter is the best medicine, but in certain situations the Heimlich maneuver may be more appropriate.
  4. Re:Unauthorized access? by Anonymous Coward · · Score: 5, Informative

    MAC filtering is absolutely worthless. All I have to do is sniff, find a MAC on your network, and change my MAC to that. Easier than cracking WEP.

    Every corporation with any sense of security uses a DMZ + a VPN into the real network.

  5. Re:Are there any safe (hardware) protocols? by tildebeast · · Score: 5, Interesting

    In the Army we use cisco aironets and Air fortress products. Mostly we use it for ptp access to remote locations. However there is software that can be installed on laptops that allows the client to connect, while out and about in the motorpool. we have tried several times to crack our own system, Each time resulting in failure. We can use a linux box and kissmet, and other nameless tools to crack into the multiple wep keys, but the Air Fortress encryption eludes us. We have not had, any unallowed access to our system in the 7 months we have been in Iraq.

  6. Re:Open WIFI == Good by Osty · · Score: 5, Insightful

    That sounds great, right up to the point where some pervert uses your open wi-fi to download child porn which is then traced back to your IP, or some l33t hax0r d00d tries to crack into military servers. And of course all of this is ignoring the fact that most ISPs specifically deny you the right to share your access this way. There are a few like Speakeasy that don't care or even encourage it, but Speakeasy's service sucks (I know, I had DSL with them for two years), and none of them legally protect you if someone using your connection doesn't something illegal or at least against their AUP.

    You could go hardcore setting up a walled garden, authentication system, and the whole nine yards, but you really don't have to. Even doing something as simple as enabling WEP on your AP is enough for the casual browser. It's certainly not 100% secure, and anybody with malicious intent could easily crack your key in minutes, but that's not the point. It's a deterrent and a source of plausible deniability. A thief could easily pick the lock on your door, but the simple act of locking your door will keep most people out (the end goal). As well, the fact that you took some measure means that you can't be held responsible when the thief who picked your lock and stole your shotgun later goes on to shoot up a school or convenience store.

  7. This is the fault of consumers and the WiFI makers by Anonymous Coward · · Score: 5, Insightful

    There is a wonderful solution to all of the wireless security issues:

    802.11i

    802.11i not only plus all of the holes in WEP, it also uses AES encryption to get around all of the potential problems with RC4.

    Right now, as I speak, err write, I can not buy an 802.11i complient router with AES encryption. I've looked at Netgear's site. I've looked at Linksys's site. I've looked everywhere. There was a bunch of discussion about how 802.11i was going to be the next great thing in mid-2003, then a deafening silence.

    If I want 802.11i right now, I can't get it.

    I think the fact of the matter is the your average user is not willing to pay for than $50 for a wireless router. It is, of course, possible to make AES work fine with a router of that costs, but it is going to take good deal of economics of scale in action to make a 1,000,000-transistor chip for implementing AES affordable at that price point.

    802.11i is just not a buzzword in the buzz machine that all the tech magazines use. Until it becomes a buzzword, wireless networks will continue to be insecure.

    (There is also a lot to be said for 802.11i being deployed on a wide enough scale that AES becomes ubiquitous. I would like to see special AES-specific op codes on x86 chips and have $5 co-processors available that can do AES at 100Mbps)

  8. Re:Really? by petecarlson · · Score: 4, Interesting

    Doubtfull? I have done consultations for comapnies that were having problems accessing their mail server because their computers were connecting to the company next door's APs. It seemed that both companies were using linksys access points... SSID "linksys". The whole time they had been using each others connections and neither had a clue.

    CP

  9. Secure Wireless for Government by DaemonTW · · Score: 4, Informative

    Solutions exist to implement secure WiFi, but it comes with a cost.

    Harris makes an encrypted PCMCIA 802.11b based card that has high grade encryption built in. It certainly makes the system impossible to get into, but they're far from cheap ($2k+).

    Product: SecNet11

    In the end, a lot of the exploitable networks comes from either poor management, lack of information or lack of control within government areas.

    --
    www.techwatch.com.au