RE: Replacing WEP was Re: Dsniff'ng wireless networks

From: Artes, Francisco (francisco_at_ea.com)
Date: 07/18/01

Here you assume that you have some security by using WEP. WLANs are simply
not secure, and should never be treated as a private network. They should
always be treated like a public network and secured accordingly. E.g.,
place them behind a firewall with no routing between the private and the
WLAN IP network, and open VPN tunnels into the private network.

If by community network you mean a public access point to the Internet via
802.11 then just pop up some SSIDs and leave the WEP key off so people can
just attach. (Without the hassle of cracking WEP.)

-----Original Message-----
From: Simon Waters [mailto:Simon_at_wretched.demon.co.uk]
Sent: Tuesday, July 17, 2001 16:15
Cc: pen-test_at_securityfocus.com
Subject: Replacing WEP was Re: Dsniff'ng wireless networks

Someone is thinking of doing a community network with
Wireless LAN.

WEP seems to offer little in this environment, so thinking
of replacing it with IP based encryption - sort of a public
PKI. Assuming we can get users to switch of non-IP protocols
on their client PCs (I know it is hard to right click
network neighbourhood and pick properties), do we lose any
security at layer two by not using WEP?

i.e. Are we more vulnerable to some other types of attack -
I'm guessing mostly DoS if any more are possible. But hey
they can probably DoS more profitably by stealing the
antennas from the relays and selling them.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: 802.11i research papers
    ... IT Infrastructure - Network Design ... Subject: 802.11i research papers ... with WPA which is the replacement to WEP (TKIP is ... WEP and other security features that the protocol has implemented. ...
    (Security-Basics)
  • SecurityFocus Microsoft Newsletter #50
    ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
    (Focus-Microsoft)
  • RE: Wireless Security for Home Users
    ... User 128-bit WEP if your equipment supports it. ... the casual wardrivers to pass you by; there's always an unencrypted network ... Use any vendor-specific security improvements available to you. ... I believe if you use a 3Com WAP and 3Com client cards, ...
    (Security-Basics)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz2000)