Re: wireless network security best practice?

From: demeck (diazcarrion_at_hotmail.com)
Date: 09/06/03


Date: 5 Sep 2003 20:41:32 -0700


"/dev/null" <dev.null@BeginThread.com> wrote in message news:<WXr2b.257963$uu5.59065@sccrnsc04>...
> We have a local wireless net. Is 128 bit WEP and MAC filtering enough?
>
> I tend to think not, anyone could sniff and pick up MACs and then set their
> card to use that MAC, and eventually break the WEP at brute force.
>
> Feedback/Comments?

WEP is broken (despite the key size) and MAC filtering is easily defeated,
but it keeps script kiddies away (for a while).

You should try a VPN/IPSec solution and some sort of authentication, like a
captive portal, for example: http://nocat.net/.

I have proposed and implemented this solution (VPN + captive portal + ...)
as an academic project, but it's based on OpenBSD and i386 (I set up the
Access Point in a 386 box). I think the security was enhanced a lot, but
there's a price to pay: network overhead. WEP (128 bits) decreases the
throughput by 30% and IPSec (Tunnel - ESP - 3DES-CBC HMAC-MD5) by 60%.
Actually, I feel this kind of solution is the best way to protect your
network nowadays.

I could point the references to my project and the Security X Overhead paper
but they are in Portuguese. Sorry.

Other solutions:

* 802.1x - most access point vendors support 802.1x by default. Windows XP
has an 802.1x client (supplicant) built-in. Some researchers pointed out some
security failures.
* Wait for WPA (Wi-Fi Protected Access). I'm not sure whether the access
point vendors have deployed it already.

hope it helps,

demeck


