RE: Wireless Technology (can it be secured and how)

From: Chisholm Wildermuth (cwildermuth@dbwebnet.net)
Date: 05/10/02


Date: Fri, 10 May 2002 11:23:49 -0700
From: "Chisholm Wildermuth" <cwildermuth@dbwebnet.net>
To: "Bennett Todd" <bet@rahul.net>

Ok, I won't argue with you on those points because they're all correct :-) but
for most instances I think a setup like that would assure most everyone won't
be getting in. If someone wants in bad enough, they'll do it no matter what
they have to try and do...Personally I think dumpster diving and finding a
user's password scribbled on a sticky note is going to be easier and less
time consuming than trying to get through the ACL, WEP and VPN. If you're
still that worried about traffic going over an 802.11x network that you still
feel that this setup is insecure, the question then becomes should you even
be running any wireless at all?

Chisholm Wildermuth
Systems Engineer
dbWebNet, Inc.

---------------------------------------------------------------------------
The opinions expressed here are my own and do not necessarily reflect those
of my employer.

-----Original Message-----
From: Bennett Todd [mailto:bet@rahul.net]
Sent: Friday, May 10, 2002 10:58 AM
To: Chisholm Wildermuth
Cc: security-basics@securityfocus.com
Subject: Re: Wireless Technology (can it be secured and how)

On Fri, May 10, 2002 at 09:48:05AM -0700, Chisholm Wildermuth wrote:
> We have circumvented the flaws in wireless security by this process:
> [ MAC addr ACLs, cloaked ESSID, WEP, VPN ]

Of those measures, the VPN is the one on which your security hangs.

- MAC addrs are broadcast in the clear; someone with a sniffer can pull them
  from the air. And setting the MAC addr your card uses is as easy as invoking
  ifconfig, at least on Linux.

- ESSID cloaking doesn't prevent the ESSID from being broadcast in the clear
  in legitimate traffic from clients, it just keeps the base stations from
  inviting normal clients to join the party. Sniffing software like Kismet can
  pull the ESSID out of normal traffic.

- WEP is flawed; Kismet can save seen WEP packets in an archive designed to
  let you run Airsnort to crack the WEP key. Takes minutes to hours, depending
  on traffic levels, but once it's done WEP is defeated, and since there's no
  convenient automatic re-keying system it's a big hassle to change your keys.

Make sure you trust your VPN implementation, since off-the-shelf, easy-to-use
tools will tear right through every other measure you have. That is the nature
of wireless today. In my opinion, it's also the nature of wireless for the
foreseeable future; I don't know of any efforts to launch a sound design
process for a replacement to WEP.

I'd recommend you treat your wireless LAN as a wholly untrusted network, and
use a tool like nmap to do detailed port scans of every machine, both server
and client, connected to it. Attackers will be able to do the same.

-Bennett
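
The port-scan audit recommended above, as an added example that is not part of the original messages: it reads nmap grepable (-oG) output for the wireless segment and reports every open port that is not on an allowlist. The scan text, addresses, host names and the allowlist (a VPN endpoint on 500/udp) are constructed assumptions.

```python
import re

# Constructed sample in nmap's grepable (-oG) layout; hosts and ports are made up.
SAMPLE_SCAN = "\n".join([
    "# Nmap scan of WLAN segment (constructed sample)",
    "Host: 10.9.0.1 (vpn-gw)\tStatus: Up",
    "Host: 10.9.0.1 (vpn-gw)\tPorts: 500/open/udp//isakmp///, 23/open/tcp//telnet///"
    "\tIgnored State: closed (998)",
    "Host: 10.9.0.23 (laptop-a)\tPorts: 139/open/tcp//netbios-ssn///, "
    "445/filtered/tcp//microsoft-ds///",
    "Host: 10.9.0.40 ()\tPorts: 80/closed/tcp//http///",
])

# Assumption: the VPN endpoint (IKE, 500/udp) is the only service meant to be
# reachable from the wireless side.
ALLOWED = {("10.9.0.1", 500, "udp")}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def open_ports(grepable):
    """Yield (ip, port, proto, service) for each port reported open."""
    for line in grepable.splitlines():
        host = HOST_RE.match(line)
        if not host:
            continue  # comment lines and anything that is not a host record
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # malformed entry, skip rather than guess
                port, state, proto, _owner, service = parts[:5]
                # "open|filtered" (common for UDP) is kept: it may be reachable.
                if "open" in state.split("|"):
                    yield host.group(1), int(port), proto, service or "unknown"


def audit(grepable, allowed=ALLOWED):
    """Return sorted findings: open ports on the WLAN that are not allowlisted."""
    return sorted(f for f in open_ports(grepable) if f[:3] not in allowed)


if __name__ == "__main__":
    for ip, port, proto, service in audit(SAMPLE_SCAN):
        print(f"EXPOSED {ip} {port}/{proto} ({service})")
```

Anything the audit lists is reachable by whoever gets past the MAC ACL, ESSID cloaking and WEP, so each finding should be closed, firewalled or moved behind the VPN.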


