Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security Ideas From Intel

Posted by Zonk on from the making-you-safer-at-home dept.

Scott writes "Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user. This is one of several ideas were presented at Intel Developer Forum. Intel has also released a hardware-based solution to fight against worm spreading. From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'"

22 of 151 comments (clear)

  1. The security of your wireless network... by Vyyper · · Score: 5, Insightful

    is only as strong as the weakest link.. which in most cases is the user.

  2. Say Goodbye by Nom+du+Keyboard · · Score: 3, Interesting
    'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    Say goodbye to P2P and BT.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Say Goodbye by Icyfire0573 · · Score: 3, Insightful

      You could be right, but think of it this way, if your computer is involved in a DDOS, your main method of attack is sending as many SYN packets as your processor and upload will allow, so if your sending 1000SYN packets to every ACK then the network card says HELL NO! and the attack is ceased

  3. If anyone actually bothers to turn it on.. by jcr · · Score: 5, Insightful

    Hey, kudos to Intel for coming up with this stuff, but I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:If anyone actually bothers to turn it on.. by riptide_dot · · Score: 5, Insightful

      I suspect that the majority of people who buy a wi-fi router in the next five years will still not bother to even change the default admin password.

      Or take any other measures to secure the device for that matter, like preventing access to unknown MACs, limiting usage to certain times of the day, not broadcasting the SSID, etc, etc...

      This is one of those cases where some of the people that want devices like these have absolutely no idea how to use them correctly. To me, it's like handing the keys to a Ferrari to a 12 year old. ALL of my neighbors have open access points, so whenever people come over to my house with wireless equipment, I don't even bother to modify my network to let them in - I just tell them to sit by a window and inevitably they get all the bandwidth they need.

      Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user.

      I think this is supposed to read "using the time it takes for packets to arrive from the Wi-Fi user to the access point. I have no idea how an access point would be able to monitor how long it took for its packets to make it to the clients...

      --
      I was in the park the other day wondering why frisbees get bigger and bigger the closer they get - and then it hit me.
    2. Re:If anyone actually bothers to turn it on.. by merreborn · · Score: 4, Insightful

      I have no idea how an access point would be able to monitor how long it took for its packets to make it to the clients...

      It probably measures the time between transmission, and the reciept of an ACK(nowledgement). Of course, you'd think a really bogged down machine with a USB Wifi adapter could concievably return ACKs a little slow, and get dropped.

      All in all, it seems like a pretty goofy idea: "Secure your WAP: artificially limit it's already meager range!"

    3. Re:If anyone actually bothers to turn it on.. by j.blechert · · Score: 4, Insightful

      Shouldn't the people who install the access points secure them and not the people who use them? You can't expect joe user to understand even what a MAC or SSID is.

  4. Disconnects on too many connections... by LittLe3Lue · · Score: 5, Funny

    From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'


    Please. Slashdot has had the same effect on websites for years.
  5. Time to drag out this old chestnut: by This+Old+Chestnut · · Score: 5, Insightful

    Security through proximity is not security at all.

  6. Huh? by Limburgher · · Score: 3, Insightful
    So it shuts down if you suddenly start using it more? Like if I start a multi-threaded FTP transfer, a bittorrent session, or a portscan?

    No thank you. Don't decide for me what traffic I can generate.

    --

    You are not the customer.

  7. Wrong vector, wrong layer, respectively. by Tackhead · · Score: 5, Insightful
    > Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user.

    Crackers are developing new technologies to enable unauthorized access to wireless networks using the time it takes them to intercept and retransmit packets between the access point and the Wi-Fi user.

    As for the "solution" of detecting worms by autokilling connections when bandwidth usage changes in a way that the software didn't predict, (in a way that's more likely to cripple your favorite P2P client software more than it's likely to disable a worm that decides to start slowly and ramp up), how about Intel gets off its sorry ass (if you felt a rant coming on, you were right) and comes up with a real solution to connection hijacking -- namely by implementing cryptographically strong authentication between client and access point at Layer 2 of the OSI model, not Layer 7.

    Oh, right. Securing Layer 2 instead of Layer 7 would harm the interest of those in charge of writing Layers 8 (financial) and Layer 9 (political) of the 7-layer model.

  8. Re:Sounds Fantastic by Anonymous+Crowhead · · Score: 3, Funny

    What happens if I have to take my laptop to the bathroom with me? Will I stay connected?

    It's because of people like you that I cannot touch our company's periodicals library. Damn you! DAMN YOU TO HELL!

  9. Distinguishing P2P from worms by tepples · · Score: 3, Informative

    If you tell the router which port you run your P2P on (e.g. I usually run Azureus on port 6502), then it should be able to distinguish P2P traffic from virus traffic. Besides, virus connections are usually much shorter lived than P2P connections, right?

    1. Re:Distinguishing P2P from worms by flithm · · Score: 3, Insightful

      While a good thought, you're forgetting how worms propagate themselves.

      Usually these days they go in through a buffer overflow in some network application (such as P2P clients).

      The bottom line is it's really hard to tell what's a virus and what's not (viruses tend to disguise themselves).

      That's why they're trying out this method. Yes it's got some problems, especially for the home user, but for corporate situations this might work.

      It all depends on how smart their algorithm is.

  10. Circuitbreaker *not for home users and developers* by Lemming+Mark · · Score: 4, Informative

    Before anyone gets too upset at the idea of their computers getting cut off from the internet for running P2P:

    This kind of technology is not interesting to home users, or even for developer workstations: nobody is going to want to use a technology that cuts off their personal computer. The place it looks (IMHO) to be aimed at is ordinary user desktops in large corporations. These are (supposed to be) highly locked-down environment and controlled tightly by the sysadmins. In this environment, the IT manager is going to prefer inconveniencing a few users by cutting their 'net connection than managing a widescale worm outbreak that'll likely take the rest of the network down for everyone.

    Horses for courses: home users and developers will still be best served by taking precautions (virus scanners and social countermeasures) and being vigilant for signs of an outbreak.

  11. Westell 327w by TheStupidOne · · Score: 3, Funny

    The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    My router, a Westell 327w, already has this feature. It locks up when I use the wifi for anything remotely network-intensi...NO CARRIER SIGNAL

    --
    unable to resolve function slashdot.sig(), aborting...
  12. bye bye bittorrent by Gopal.V · · Score: 3, Insightful
    > The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.

    What is there here that can't be done with software ?. Oh, wait .. that needs Microsoft to do it. Doing it at the WiFi card level might give intel an advantage - but most likely they'll just push this into the driver code. Then we're back to the "why doesn't Microsoft do this" - though in truth, we should chuck it and use Linux.

    It essentially means that the moment I run bittorrent, Intel's new WiFi chip will throw me off the network. That's what it'll do for most of us.

    > The access point times the time it takes a packet to arrive the client and go back. Using this time, the access point can predict the location of the user and tell whether a client device is inside or outside the allowed area, for example office wall.

    Similarly all Ethernet cards will have something that allows only packets addressed to it's MAC address to be read. And then someone will find out a way to work around that. I could rephrase when guns are outlawed, only outlaws will have guns - but this is even worse. Intel will create APs which have an artificially limited range to prevent you from taking your laptop to the crapper. This is almost like the userfriendly joke about laptops chained to the desk form of security.

    Truly these are ideas to be sold, not products. Once people buy in on the security of these things, intel hopes to make a killing for no extra-work (yes, we have to buy the NEW secure WiFi cards and then just boot up that AP, let's get mailing status reports - leaving a router with "linksys" wide open). Security needs care and control - just cheap hacks on hardware will not do .
    --
    Quidquid latine dictum sit, altum videtur
  13. I wonder which new technology by springbox · · Score: 3, Interesting
    Intel is developing a new technology that could prevent unauthorized access to wireless networks

    Could it be..

    • Setting the router defaults to be more secure
    • Printing out how to run the setup utility included with the router to secure your network on a big bright yellow card
    • Forcing the user to pay attention to the settings by setting the WPA key to a random default
    • Printing, in big letters somewhere on the inside of the box, explaining how if the user runs yet another inescure 802.11b network, the terrorists have already won
    </sarcasm>

    It seems like Intel might be searching for an automatic solution for this problem, which is bound to fail as quickly as they can put it out in the wild. How do you protect users from bad network setups if the users largely aren't aware that the problem exists? We don't need new technology, we need to modify existing technology that, while it might add a few extra steps, forces users to pay attention to the problem that everyone here is already aware of.

  14. as if it wasnt easy enough... by Anonymouse+Cownerd · · Score: 4, Insightful
    "The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network."

    DOS attacks have just gotten easier.

    --
    http://www.rayn.net . Funny. Stuff.
  15. so what's the solution? by Deitheres · · Score: 4, Insightful

    I agree... about a year ago I did a quick wardrive around my mom's neighborhood (upper middle class suburb of Columbus, OH). I drove 3 blocks, and found 14 wireless networks. 10 were open. I tried using the default password for all of the router types (as identified by netstumbler), and it worked on 9 of the open networks... only 1 of the secured networks had not changed the default password.

    What is the solution to this? I am hardly an expert on supply-side economics relating to production, but how hard would it be to set a random password for both the router and the wireless network? Include a piece of paper with both the password written on them (kind of like a manual addendum, that way each manual won't have to be customized). Or better yet, make the default password the serial number of the router. Extremely difficult to guess, usually a string of alpha and numerics, and the user could never really lose it (unless they removed the serial number sticker from the router).

    There has to be a better way of doing things than what currently exists. To offer a product to consumers that has no security whatsoever in an out of the box condfiguration is moronic. Even more moronic is the fact that the consumer (I'm speaking in general terms of course) makes no effort to read the manual. You would think that logic would strike them in the face as they connect to their network for the first time...

    "Oh, look, Windows automagically detected my wireless network!"
    "Neat, now it's joined! That was easy..." ......

    "Almost TOO easy"
    *smack* (this is the sound of logic smacking them in the face)
    "Wow, maybe I should do something so that it wouldn't be this easy for other people!"

    --
    Just like driving a car:
    (D) to go forward
    (R) to go backward

    1. Re:so what's the solution? by ultranova · · Score: 3

      I also share a dream of a socialist wifi sharing utopia,

      You made a mistake here. Using the word "socialist" immediately sends a "strawman alert" through the brains of anyone reading your message. It's just overused nowadays, and doesn't have the same "oomph" as it did when Soviet Union was still the evil empire.

      The fact is though that the consumers want security, and they are scared of "hackers" (mostly because of media distortion and hyperbole).

      The consumers couldn't care less about security, as proven by their continued usage of Windows, for example. And why should they ? It's not like it harms them in any way if someone piggypacks on their connection - especially if they can do the same on their neighbour's connection, which will lead to traffick being routed through whatever connection has most unused available.

      No, it is the four- and three-letter acronyms that want security - RIAA, MPAA, FBI, CIA etc. If people are free to connect through whatever wireless connection happens to be available, they are pretty difficult to monitor. Make them connect through a single designated pipe, and you can pin easily monitor all incoming and outgoing traffick for a particular person.

      Furthermore, as wireless access points grow more numerous, you would eventually get to a point where IP packets would simply be routed from one wireless point to the next, forming an uncensorable internet. That is unacceptable - all countries want to censor their citizens. Even Finland recently found an arrangement where the police gives a list of websites to be blocked to the ISP's, who will then block them - this was done to combat child porn, of course; now let's see how long until someone starts demanding that hate speech, illegal file sharing, and whatever else he might have a grievance against gets blocked by the Great Firewall of Finland.

      A privately owned (by private citizens, not corporations) and operated Internet, made up of wireless access points routing packets outside the corporation owned wires would make such censorship impossible, so better to kill it off before it really catches on. That is the true motive behind these calls for security.

      For those of us that want to turn it off, the option would still exist.

      Yeah, but that means that you purposefully allowed your access point to be used by anyone, making it much easier to succesfully sue you for any illegal actions someone might conduct through it.

      Who do you work for ? CIA ? FBI ? RIAA ? MPAA ? How well did they pay you for your message ?

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  16. Time for Clarke's Corollary? by volsung · · Score: 3, Interesting
    Any sufficiently advanced worm will be indistinguishable from normal user traffic.

    (OK, so it has nothing to do with Clarke's Law, other than sharing the same sentence pattern.)