Re: Security issues with regards to wireless networks...

From: null@void.net
Date: 03/17/03

    From:  <null@void.net>
    Date: Mon, 17 Mar 2003 13:45:28 -0800
    
    

    In article <O43da.1824$we1.565541@newssrv26.news.prodigy.com>,
    ackistler@yahoo.com says...
    > Ram Samudrala wrote:
    > > [snip]
    > >
    > > However, a wireless network changes all that. One need not be
    > > physically in a building to gain access to the network behind the
    > > firewall if the wireless network isn't configured correctly. And my
    > > question is, can a wireless network be configured so that it behaves
    > > like a wired network and offers the same security (in other words,
    > > prevent unauthorised machines from becoming part of our network
    > > without physical access)? ....
    >
    > WEP = Wired Equivalent Privacy
    > except it isn't. Using open source tools, anyone (with two wireless
    > machines, one to run AirSnort and one to run a packet injector ala
    > reinj) can crack a 128-bit WEP key in under 60 minutes.
    >
    > The solution is to treat all wireless access points as just as untrusted
    > as the Internet. Firewall them off from the rest of your network.
    > Require the same access methods to get through your wireless firewall as
    > you do through your Internet firewall.
    >
    > It's well enough trod territory, I'm sure there are articles on
    > SecurityFocus and papers in SANS about it.
    >
    >
    The 802.11 standard includes an encryption mechanism called Wired
    Equivalent Privacy, or WEP, which has been widely publicized as the main
    point of attack in the WLAN network.
    For starters, the 40-bit key length called for in the WEP standard is
    too short to withstand a brute-force attack. But the problem does not
    stop here. Even with the longer 128-bit WEP encryption keys called for
    in WEP2, a weak key-management scheme makes the secret key attached to
    each encrypted data packet vulnerable to attack. WEP key management has
    two basic problems: (1) the limitations of the Initialization Vector
    (IV) and (2) the use of static WEP keys where the odds of collisions are
    very high. IV collisions produce so-called "weak" WEP keys when the same
    IV is used with the same WEP key on more than one data frame. When a
    number of these weak keys can be analyzed, WEP can be attacked to expose
    the shared secret.
    For example, a hacker using a network sniffer like AirSnort can collect
    the weak keys, analyze them, and discover the shared secret between
    wireless clients and access points. Once the shared secret is known, a
    malicious attacker would have access to the WLAN and could decrypt data
    packets being passed on the exposed network.

    So that's the problem.

    Agere Systems is First to Solve Wireless LAN Wired Equivalent Privacy
    Security Issue
    FOR RELEASE MONDAY NOVEMBER 12, 2001
    New software prevents creation of weak WEP keys
    COMDEX, LAS VEGAS, NV.- Agere Systems (NYSE: AGR.A) today announced
    WEPplus, a security enhancement for Agere Systems' ORiNOCO(tm) wireless
    LAN-based networks. WEPplus is included in the company's new Winter
    Software release, which is available via a free Internet download, and
    will be included in all products shipped beginning November 23, 2001. It
    helps to prevent hacker programs such as AirSnort from exploiting the
    "weak" key component of the standard WEP (Wired Equivalent Privacy)
    encryption used in most 802.11b, Wi-Fi wireless networks.
    In the last few months, there has been a lot of attention focused on the
    fact that the WEP encryption as defined by IEEE 802.11 is not an
    "industrial strength" encryption protocol. The "Intercepting Mobile
    Communications" paper by Nikita Borisov and David Wagner of UC Berkeley,
    and Ian Goldberg of Zero-Knowledge Systems discussed the vulnerabilities
    of WEP. More recently, the paper on "Weaknesses in Key Scheduling" by
    Scott Fluhrer of Cisco Systems, and Itsik Mantin and Adi Shamir of the
    Weizmann Institute in Israel demonstrated the ability to easily mount
    passive attacks on what are known as "weak" WEP keys, that is,
    relatively easy to crack by hackers. Also, with the introduction of the
    AirSnort program, which is now available on the Internet, it is possible
    to passively monitor and hack into a WEP-protected wireless LAN. WEPplus
    can ensure the integrity of a network against these attacks.
    WEPplus is designed for Agere ORiNOCO-branded or OEM-branded Agere
    Systems' Wi-Fi wireless LAN products. Non Wi-Fi equipment will still be
    able to exchange data with the WEPplus enhanced network, but may be
    susceptible to WEP weak key attacks. The Agere ORiNOCO wireless WEPplus
    implementation provides complete interoperability with all Wi-Fi
    compliant wireless LAN products, continuing Agere's commitment to the
    complete interoperability of Wireless LAN equipment across different
    vendors.

    And that's one example of a solution that's been available for quite
    some time.

    ---Matthew
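
Added example, not part of the post above and not Agere's code: a small audit of the IVs seen under one static WEP key, flagging IV reuse and IVs of the Fluhrer/Mantin/Shamir "weak" form, plus a counter-based IV generator that steps over the weak ones, which is the idea the press release attributes to WEPplus. The function names, the sample IVs, the 13-byte (104-bit) key length and the big-endian counter-to-IV mapping are assumptions made for illustration.

```python
from collections import Counter
from math import expm1

IV_SPACE = 2 ** 24   # WEP's IV is 24 bits and travels in clear with each frame

# Constructed sample: IVs as read from frames sent under one static key.
SAMPLE_IVS = [bytes.fromhex(h) for h in
              ("000001", "03ff07", "000002", "0fff2a", "000001", "10ff00")]

def is_fms_weak(iv: bytes, key_len: int = 13) -> bool:
    """True for IVs of the form (B+3, 255, X), 0 <= B < key_len, the
    pattern described in the 'Weaknesses in Key Scheduling' paper."""
    return len(iv) == 3 and iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len

def audit_ivs(ivs, key_len: int = 13) -> dict:
    """Report reused IVs and weak-form IVs among the observed frames."""
    counts = Counter(ivs)
    reused = {iv: n for iv, n in counts.items() if n > 1}
    weak = sorted(iv for iv in counts if is_fms_weak(iv, key_len))
    return {"frames": len(ivs), "reused": reused, "weak": weak}

def p_collision(frames: int) -> float:
    """Birthday approximation: probability that at least two of `frames`
    randomly chosen 24-bit IVs are identical."""
    return -expm1(-frames * (frames - 1) / (2 * IV_SPACE))

def next_iv_skipping_weak(counter: int, key_len: int = 13):
    """Advance a 24-bit counter to the next IV that is not weak-form.
    Returns (new_counter, iv_bytes). Hypothetical sketch of IV filtering."""
    while True:
        counter = (counter + 1) % IV_SPACE
        iv = counter.to_bytes(3, "big")
        if not is_fms_weak(iv, key_len):
            return counter, iv

if __name__ == "__main__":
    report = audit_ivs(SAMPLE_IVS)
    print("reused IVs:", {iv.hex(): n for iv, n in report["reused"].items()})
    print("weak-form IVs:", [iv.hex() for iv in report["weak"]])
    print("P(collision) after 5000 random IVs: %.3f" % p_collision(5000))
    print("IV after 03feff:", next_iv_skipping_weak(0x03FEFF)[1].hex())
```

Filtering weak-form IVs does nothing about IV reuse: with a static key the 24-bit space still repeats, as the collision estimate shows.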

