Kuro5hin.org: technology and culture, from the trenches
Wireless Ethernet totally insecure

By sigwinch in News
Wed Aug 08, 2001 at 10:16:37 PM EST
Tags: Security (all tags)

EE Times is reporting in this article that the WEP (wired-equivalent privacy) encryption in 802.11 wireless Ethernet is completely worthless. See the Full Story for background and details.


The IEEE-802.11 standard (commonly known as wireless ethernet) includes something optimistically called WEP:  wired-equivalent privacy.  WEP is based on the RC4 cipher algorithm, and is supposed to give wireless transmissions the same level of security as wired transfers.  Unfortunately, as widely reported earlier this year, WEP uses the RC4 cipher insecurely.  Those earlier attacks took hours, and relied on either the network having a high volume of traffic, or the attacker actively broadcasting.  They also required that the attacker store a dictionary containing many gigabytes of keystream.  While the older attacks are feasible, the technical difficulty would still have kept many casual attacks out.

The new attack is based on a devastating cryptographic weakness in the RC4 cipher itself.  The EE Times article says that an attacker merely has to sniff network traffic for 15 minutes -- no active transmissions are needed -- to recover the encryption key.  Even worse, the key recovery difficulty supposedly scales linearly with key size:  even changing to a 128-bit key (from WEP's pathetic 40 bits) wouldn't help.  Moreover, 802.11 uses a single key for an entire network, so a compromise anywhere on the network makes every node insecure.  This recent Slashdot article has links to the technical details.  (Inexplicably, that article didn't appear on Slashdot's front page and awareness of this problem has lagged.)  The hardware and resource requirements for this new attack are trivial:  pretty much anyone with a wireless Ethernet card can compromise WEP.

On a practical level, this means that network administrators need to immediately move all IEEE-802.11 access points outside the firewall and secure the links with some other method (IPSec, SSL/SSH, VPNs, and so forth).

At a planning level, this fiasco shows the futility of hardware-based encryption.  Many (most?) 802.11 cards implement the encryption in special-purpose hardware, which means that they can never be fixed.  Even if a new version of the standard has good encryption, you have to throw away all the existing hardware.

Poll
What will you do?
o Not applicable: I don't use 802.11 57%
o Quit using 802.11 1%
o IPSec 8%
o SSL/SSH 19%
o VPN 7%
o Other (please post) 6%

Votes: 97

Wireless Ethernet totally insecure | 39 comments (37 topical, 2 editorial, 0 hidden)
More info (4.00 / 3) (#2)
by sigwinch on Wed Aug 08, 2001 at 07:09:06 PM EST

Here is a paper documenting a successful attack against WEP.  (Pointed out by SlydeRule -- thanks!).

--
I don't want the world, I just want your half.

"THE" Firewall (4.71 / 7) (#3)
by SEWilco on Wed Aug 08, 2001 at 07:14:20 PM EST

The wireless gateway should not be outside "the firewall" along with the Internet. You don't want to give open access to the Internet from your wireless system, nor do you want to give the Internet access to your wireless system.

The Internet and the wireless gateway should be on separate firewalls, so you can configure incoming and outgoing traffic to each network separately from your LAN. Yes, physically they might be on the same firewall hardware, but the logical configuration should separate them.

"A" firewall (4.33 / 3) (#5)
by sigwinch on Wed Aug 08, 2001 at 07:45:58 PM EST

Quite true. The essential point is that the wireless access points should not be on the trusted LAN.

--
I don't want the world, I just want your half.
[ Parent ]

"Trusted LAN" (3.50 / 2) (#13)
by ghjm on Thu Aug 09, 2001 at 12:56:35 AM EST

This sort of black and white thinking is exactly what the original comment was about. The industry seems to have developed a very simplistic view of: Internet (BAD) --> "The" firewall --> Trusted LAN (Good). The problem is, 70% of all attacks come from inside(1). The LAN can't be trusted. If you assume that all the threats are "out there" and don't put defenses in place internally, you will undoubtedly be 0wn3d by your own (non-IT) staff, or their nephews and cousins.

(1) and 90% of all statistics are made up on the spot...

[ Parent ]

hmm (2.25 / 4) (#4)
by BigChief on Wed Aug 08, 2001 at 07:25:42 PM EST

hmm.. hit a wrong button and end up becoming the only one to vote against this at this time.. that's not cool..my vote should have been a +1 section..oh well..

~You used to think that it would be cool to have a computer implanted in your skull, but as it turns out, it's not.~

Arrrgh! (4.50 / 2) (#6)
by sigwinch on Wed Aug 08, 2001 at 07:47:26 PM EST

You spoiled my perfect meteoric rise to front page! Oh, the humanity! ;-)

--
I don't want the world, I just want your half.
[ Parent ]

No he didn't (4.00 / 1) (#10)
by delmoi on Wed Aug 08, 2001 at 09:17:45 PM EST

He said he would have voted section, which means you are more likely to get on the front page than you were before, because FP is based on the ratio of FP to section votes (.5). Less section votes means a higher FP ratio.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]

[ot-and-headed-for-meta] Erm... (3.50 / 2) (#16)
by Lionfire on Thu Aug 09, 2001 at 02:37:44 AM EST

Now that is just screaming that there's something wrong with the way FP is worked out...

Shouldn't it be a percentage of the total number of votes? Is this worth taking up somewhere else?

[ blog | cute ]
[ Parent ]

Name is still accurate (4.50 / 4) (#7)
by fluffy grue on Wed Aug 08, 2001 at 07:50:46 PM EST

"Wired-equivalent security" is still a quite accurate term. It's just as secure as a wired network.

That is to say, of course, that wired networks aren't particularly secure. It's not all that difficult to monitor 10MHz and 100MHz RF emissions within close proximity to the wire, nor is it particularly difficult to plug etherape into the physical network (through a cable splice, system exploit, etc.).
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]

Name is not accurate (3.50 / 2) (#8)
by sigwinch on Wed Aug 08, 2001 at 08:22:51 PM EST

It's not all that difficult to monitor 10MHz and 100MHz RF emissions within close proximity to the wire, nor is it particularly difficult to plug etherape into the physical network (through a cable splice, system exploit, etc.).
It may not be 'all that difficult', but it's still orders of magnitude harder than the 802.11 crack: anybody with $150 to spend, and who can position themselves within a hundred meters of the target, can crack 802.11. A van Eck attack on wired Ethernet would take expensive non-COTS equipment, while a wired attack could get you sent to jail or even killed (i.e., getting caught by a security guard).

--
I don't want the world, I just want your half.
[ Parent ]

simpler than that (3.66 / 3) (#14)
by Emir Cinder on Thu Aug 09, 2001 at 01:15:16 AM EST

It doesn't take much to figure where the network cables run. They often run along exterior walls and most places I'm interested in don't have the exterior of their buildings fenced off. A drill and a bit of wire is all that needed to get access to the network. A small box can be left behind either to capture the traffic or broadcast it to another collection site.

[ Parent ]

Wired is still more secure (3.00 / 2) (#18)
by DaBunny on Thu Aug 09, 2001 at 10:10:37 AM EST

While it may be fairly easy to compromise a specific wired network you have in mind, it's still true that 802.11 wireless networks are much less secure. It's much easier and much less risky (not to mention legal) to set up a radio receiver than it is to drill a hole in a building, or even to trespass and leave your own transmitter in place.

Moreover, it's possible to secure a physical network with fairly standard, off-the-shelf components. There's no way to do that with a wireless network.

[ Parent ]

Nothing wrong with hardware based encryption (3.00 / 5) (#11)
by jann on Wed Aug 08, 2001 at 11:51:58 PM EST

you just gotta do it right.

Allow me to explain. The problem with wireless ethernet is the fact that it is broadcasting data over radio waves ... we shall say frequency-X. Now when someone picks up that frequency (who you don't want to) you have a problem don't you. Solution : have security access into your workplace and line the walls in lead ... no radio waves will get through that. The only people eavesdropping on your wireless ethernet you have allowed access to your site anyways.

You have other issues though. Mobile phones will not get through the lead either will they ... so you have just killed every mobile in the company. Neither will the radio that you have sitting at your desk or playing your hold music for your PABX ... Bummer.

But there is a solution to that too. Let's say that you could make a particle board that had lead particles of a certain size uniformly embedded into it. If the particle sizing was right (not too large and not too small ... but we are talking sub micron particles here) it would effectively act as a radio wave filter, filtering out radio waves of a certain frequency (+/- a small amount) but letting everything else through. By tuning the size of the particles you can tune what frequencies get trapped and what frequencies get let through. You could even embed different sizes to stop frequencies 1, 2, and 3 but let everything else through.

So the solution is to enclose your offices in this particle board tuned to block Frequency X... your wireless ethernet transmissions get stopped at the wall but your mobile phone still works.

Weird, stupid, why is no one doing it yet? ... they are (a friend of mine makes the machines that make the lead particles) but it is a bit difficult to get it to work on windows. Solve the window problem (block radio waves but let sunlight through) and you may just make a lot of money.

So ... as I said .. nothing wrong with encryption ... the challenge is making it unnecessary.

J

Radio issues (4.00 / 2) (#12)
by sigwinch on Thu Aug 09, 2001 at 12:28:48 AM EST

Solution : have security access into your workplace and line the walls in lead ... no radio waves will get through that.
Radio engineers are very, very, very good at detecting radio waves. The slightest seam or gap anywhere would leak enough signal to allow detection. People who do radio design for a living use similar shielded rooms that are designed to keep outside radio waves out and create a zone of silence, and it is sheer hell to keep those rooms shielded properly (especially if you want to run power cables inside the shielded zone).
By tuning the size of the particles you can tune what frequencies get trapped and what frequencies get let through.
Not hardly. A bandpass filter wall is simply impossible.
Solve the window problem (block radio waves but let sunlight through) and you may just make a lot of money.
A solved problem. The door of most commercial microwave ovens lets visible light through, but is designed to block exactly the frequencies used by wireless Ethernet.

--
I don't want the world, I just want your half.
[ Parent ]

erm??? (4.00 / 1) (#15)
by jann on Thu Aug 09, 2001 at 01:17:08 AM EST

Not hardly. A bandpass filter wall is simply impossible.

Don't tell my friend that ... he'll be really pissed off when his working prototype vanishes in a puff of logic ;-) He'll be even more pissed off when his government funding dries up too (he's gotta eat somehow!).

A solved problem. The door of most commercial microwave ovens lets visible light through, but is designed to block exactly the frequencies used by wireless Ethernet.

I didn't understand the technology enough to know the exact details of the transparent glass problem ... but it was not easily resolvable short of having lead particleboard windows.

J

[ Parent ]

Please, no speculation! Facts! (4.00 / 2) (#35)
by phliar on Thu Aug 09, 2001 at 11:48:19 PM EST

jann replied to sigwinch:
Not hardly. A bandpass filter wall is simply impossible.

Don't tell my friend that ... he'll be really pissed off when his working prototype vanishes in a puff of logic

What's this - Argument by Authority?

Remember, there are experts here. In E-M radiation, I'm not an expert, although I have graduate-level course work in physics, electronics, and communications. Sigwinch may be an expert.

In other words, when Sigwinch replied to your question:

Solve the window problem (block radio waves but let sunlight through) and you may just make a lot of money.

A solved problem. The door of most commercial microwave ovens lets visible light through, but is designed to block exactly the frequencies used by wireless Ethernet.

He is exactly right. In an earlier message I mentioned Faraday cages. Read up on those. What the door to the microwave oven has is a metal sheet with holes. The holes are each about 2 mm or so, therefore they will attenuate any waves with wavelengths longer than about a centimeter. 802.11b DSSS uses a 2.4 GHz carrier, or a wavelength of 12.5 cm. Therefore a metal sheet with 2 mm holes solves your "window problem" - you can see through it but it will block everything with a frequency of less than 5 GHz or so.

In fact I have a supplier for copper mesh, as well as samples. The "16 mesh" - wire spacing 1/16 inch, or about 1.5 mm - will attenuate about 40dB at 1 GHz and 30dB at 2.5 GHz. The finer meshes attenuate much better. "100 mesh" will attenuate 55dB at 1 GHz and 48dB at 2.5 GHz. You can see how transparent this material is.

If you don't know what dB is: Each 3dB is a doubling or halving; 30dB means a ratio of 1000, and 60dB is a ratio of 1,000,000. The best photographic film can record a range of about 30dB.


Faster, faster, until the thrill of...
[ Parent ]

Re: Please, no speculation! Facts! (3.50 / 2) (#36)
by sigwinch on Fri Aug 10, 2001 at 12:19:46 AM EST

Not hardly. A bandpass filter wall is simply impossible.
Don't tell my friend that ... he'll be really pissed off when his working prototype vanishes in a puff of logic
What's this - Argument by Authority?
On second thought, maybe not *impossible*, but so implausible and absurd that even a science fiction writer like Greg Bear or Bob Forward would have a hard time selling the idea, let alone doing it with lead particles.
Sigwinch may be an expert.
I have the EE's basic familiarity, but most of my skills are software, and electronics below 1 MHz. I try to avoid that black magic radio voodoo as much as possible. Although in these days of wireless this and cordless that I'm having to learn...
In an earlier message I mentioned Faraday cages.
Strictly speaking, you want an RF shield rather than a Faraday cage: a Faraday cage is an electrostatic shield only and may have seams, gaps, and holes. Those openings can be lethal to a good RF shield.

Maybe this is being too picky, but the classical Faraday cage brings up an image of a mere conductive enclosure. Unfortunately, just slapping up metal all around doesn't block radio frequencies (RF). In fact, a bad shield can actually make RF problems worse than nothing at all. (Something that more than one engineer has rediscovered at the last minute when trying to fix a design that violates government radio emissions regulations.)

You can see how transparent this material is.
The video screens of electronic equipment are notorious emitters of radio noise. Spy-resistant military and government equipment often has a window with amazingly transparent mesh. It looks kind of like the metal mesh in 'security' glass, but you have to look really close to see it on the good stuff. It's also used on radio test equipment, to keep the instrument's screen from screwing up the measurement.

Other conductive yet transparent things include:

  1. The shadow mask of a cathode ray tube.
  2. The control grid of a vacuum fluorescent display (e.g., the blue glowing displays on VCRs and microwaves).
  3. The transparent viewing-side electrode of a liquid-crystal display.
  4. The two transparent resistive layers used in pressure-sensitive displays (e.g., most of the palmtop computers that use styli).

--
I don't want the world, I just want your half.
[ Parent ]

ACK! (3.00 / 3) (#20)
by PhillipW on Thu Aug 09, 2001 at 11:07:21 AM EST

Solution : have security access into your workplace and line the walls in lead ...

Wow, are we asking for cancer? There's a reason lead-based paint and other such products are diminishing.

-Phil
[ Parent ]

No, it's not that (4.00 / 2) (#24)
by leviathan on Thu Aug 09, 2001 at 12:33:26 PM EST

While lead is a suspected carcinogen, most people are more bothered by the toxicity of it (being a heavy metal and all). Lead based paints are diminishing in use because it's relatively easy to ingest them, whereas it is much harder with the lining of a wall. Feel free to disprove this statement by practical example.

--
I wish everyone was peaceful. Then I could take over the planet with a butter knife.
- Dogbert
[ Parent ]

While you're at it... (2.66 / 3) (#29)
by Perianwyr on Thu Aug 09, 2001 at 01:57:45 PM EST

don't forget to keep the pets outside.

Of course, then you'll hear, a moment too late, the sound coming over the phone.

[ Parent ]

lead is a little heavy (3.33 / 3) (#32)
by Hefty on Thu Aug 09, 2001 at 03:27:48 PM EST

I worked at one job site that was on the fourth floor of a high rise. There in our computer department was a pretty large server area. The servers, the UPC's, and various backup equipment weighed so much that the building inspectors warned us of overloading the weight capacity of the floor. Now I'm sure plating the walls with lead would raise quite a bit of concern with just about any building inspector on any floor of most any building. Lead just weighs too much and would be a fairly expensive procedure. I would just suggest plating all your WEP equipment in Lead instead then no one will be able to hack your network, I mean no ONe.

[ Parent ]

Overloaded Building (2.00 / 2) (#33)
by bored on Thu Aug 09, 2001 at 03:44:52 PM EST

Was that building in NY City? Sounds like a story I heard from someone working in exactly the same situation.

[ Parent ]

Dallas (3.00 / 1) (#39)
by Hefty on Tue Aug 21, 2001 at 12:30:51 PM EST

I worked at the Club Corporation of America in Dallas. Hint: Professional golfers don't know jack about computers/software

[ Parent ]

Particle-board with lead? Er... no. (4.00 / 2) (#34)
by phliar on Thu Aug 09, 2001 at 10:43:57 PM EST

line the walls in lead
Why lead?

You are confusing ionising radiation with boot-simple EM radiation. Things like alphas, betas, gammas, hard X-rays - you need lead because you need the high mass of the lead nucleus to scatter those nasties. But regular EM radiation - no, you just need some Faraday shielding. In other words, copper mesh is just fine.

Let's say that you could make a particle board that had lead particles of a certain size uniformly embedded into it. If the particle sizing was right (not too large and not too small ... but we are talking sub micron particles here) it would effectively act as a radio wave filter, filtering out radio waves of a certain frequency (+/- a small amount) but letting everything else through.
Sorry, no - it doesn't work that way. Look up Faraday cages. Basically if the holes in the shield (i.e. the spaces in your mesh) are significantly smaller than the wavelength, the signal is blocked. Every longer wave (lower frequency) is also blocked. But metal particles embedded in particle-board won't do it - it has to be electrically conductive. (Unless you're talking about blocking ionising radiation.)


Faster, faster, until the thrill of...
[ Parent ]

A question more than a comment (4.00 / 1) (#17)
by gbvb on Thu Aug 09, 2001 at 07:59:59 AM EST

I am not that familiar with 802.11.
Is it possible to do frequency hopping (that some of the 2.4Ghz phones do) with a wireless protocol and make it a little more secure?


Answer (4.33 / 3) (#22)
by jwb on Thu Aug 09, 2001 at 12:02:16 PM EST

The version of 802.11b that everyone uses these days uses Direct Sequence Spread Spectrum.

[ Parent ]

802.11 uses frequency hopping (4.00 / 1) (#23)
by Lizard on Thu Aug 09, 2001 at 12:02:18 PM EST

802.11 already uses frequency hopping (this is effective in avoiding interference as well as security of sorts), problem is that all compatible hardware can tell what the sequence is going to be (otherwise communication couldn't happen). This is a different situation from your cordless phone where it only needs to talk to its own base station and it's actually beneficial if each vendor uses a different hopping table in their phones.
________________________
Just Because I Can!
[ Parent ]

There is limited security in obscurity. (4.25 / 4) (#19)
by Myrcurial on Thu Aug 09, 2001 at 10:21:59 AM EST

Most articles I've read on this topic throw around the term 802.11 wireless ethernet. There are actually a whole slew of components to 802.11 and what they are referring to is ONLY 802.11b.

The 802.11 protocol family includes 3 different layer 1 media - FHSS (Frequency Hop Spread Spectrum) at 2.4GHz ISM, DSSS (Direct Sequence Spread Spectrum) at 2.4GHz ISM, and IRDA.

The (currently) most popular wireless ethernet technology is 802.11b - also known as highrate DSSS or Wi-Fi. This is the "spend $150 to sniff the network" type of access. This is the reason why it is a COTS (Common Off The Shelf) attack. The other predominant wireless ethernet is FHSS - utilized mostly by Breezecom equipment. The sheer lack of this as a "common" equipment means that it is unlikely to be found, and expensive when found (yes I know about the Raylink stuff).

The current proliferation of cheap Wi-Fi gear means that you'll have no problem War Driving for signal - especially if you've got some clue about antenna usage - but it is possible for a smaller company to have its cake and eat it too by using the more obscure gear - still weak security but several times more secure than the average.

You can also benefit by using licensed spectrum - it is possible to rent small cells of spectrum from the holder and arrange for them to purchase gear that is designed for the spectrum. They need to produce proof of license in order to purchase - making it difficult to acquire equipment without the help of an operator. This also has the benefit of being immune to the effects of your neighbor "Bob" and his brand new "GigaRange" phone - like he ever uses it anywhere other than his damn kitchen anyways.

In any case, build a new leg on your firewall, define access controls at the layer 2 level, keep up the management of a MAC address data base and tell your access point to deny all association attempts from unknown MAC addresses. It's painful, but it will help.

Oh, and my home wireless net has never experienced a stray association attempt, but it's still safely in the DMZ and controlled by MAC address at the firewall.

Paranoia is thine middle name...
Do not meddle in the affairs of sysadmins, for they are quick to anger, and devastating in power.

Open up your 802.11 segment, just a little (4.50 / 2) (#21)
by skullY on Thu Aug 09, 2001 at 11:41:51 AM EST

In any case, build a new leg on your firewall, define access controls at the layer 2 level, keep up the management of a MAC address data base and tell your access point to deny all association attempts from unknown MAC addresses. It's painful, but it will help.

Or, why not do what I plan to do and many others have done, and allow limited access to anyone through your wireless link? I plan to allow anyone to access my wireless DMZ, at which point I'll record the mac address they're using (Yes, I know it can be changed) and only allow ipsec and ssh packets out. Then I'll setup a squid proxy, and thanks to the magic of ipf and ipnat, a few redirect rules later they'll be redirected to a web page that explains where the proxy is and if I feel nice I'll give them instructions for configuring their browser.

You may wonder why I want to send them to a page instead of to the squid proxy directly. Basically, I want people to know they can use my network, but give them a basic ToS agreement that lets them know I log every connection they make, and if they do anything illegal from my network I will turn over all relevant information to the authorities. I want to keep my DSL. :=)

There are groups of people actively doing this now, to provide 802.11 internet access wherever you go. The more people providing at least basic access the better. If I wasn't so pressed for time, I'd link to one such group, but a quick Google search should find one local to you.

--
I'm not witty enough for a sig.
[ Parent ]

dangerous (4.00 / 3) (#30)
by anagram on Thu Aug 09, 2001 at 02:45:37 PM EST

I'm willing to bet that if someone who found your free wireless service were to DDoS some weblog or download kiddie porn from the feds, they wouldn't really care if you had a MAC address of someone who you claim did it. They'd seize your machines pretty fast, and you'd have a lot of explaining to do. Even if you were to explain away the problem, you would still probably lose your connection.

I'd rather not open myself up for this possibility.

[ Parent ]

This hasn't happened yet (5.00 / 1) (#38)
by mushmouth on Mon Aug 13, 2001 at 04:49:25 PM EST

In San Francisco there are several open 802.11b networks. Brewster Kahle's SFLan, and another that Tim Pozar is involved in. These are completely open, and have been for several years without incident.

[ Parent ]

Not *totally* insecure (4.00 / 2) (#25)
by anagram on Thu Aug 09, 2001 at 01:07:26 PM EST

I have an airport, which is Wi-Fi certified, 802.11 compatible and uses WEP encryption. I just got it a few days ago, so it sucks to read this story now knowing that anyone can sniff my traffic from the street.

However, the airport has ACL support and you can set it to only allow people to join the network if they have a known MAC address. So at least I can rest assured that someone can't do a DDoS from my DSL modem by sniffing my network password.

MAC address is often set in software (3.00 / 1) (#27)
by simon farnz on Thu Aug 09, 2001 at 01:24:00 PM EST

If I can get your MAC address I have access; the range is limited, so a determined hacker can break it if they want to.
--
If guns are outlawed, only outlaws have guns
[ Parent ]

true, but... (4.50 / 2) (#31)
by anagram on Thu Aug 09, 2001 at 02:54:54 PM EST

a determined hacker sniffing packets from the street could also just get bored of that and just cross the street, knock me out and take all the equipment they wished.

When the range of my equipment is less than 150 feet, I have bigger problems if a malicious hacker is sniffing my network

Your sig seems eerily appropriate :)

[ Parent ]

Don't trust the physical layer (5.00 / 2) (#26)
by dadams on Thu Aug 09, 2001 at 01:08:28 PM EST

Here's a good rule of thumb: never trust a physical layer to provide security. First of all, when the physical layer security is broken (and a time will come when it will be broken), you've got to tear out all your existing networking stuff and replace it. Secondly, you lose flexibility. There's no way to avoid the overhead of encryption (I know it's not much, but...).

If you want a secure connection, use a secure protocol, like ssh or ssl. Don't assume that your packets are safe when you don't have control over their encryption.



firewall/wireless access point (2.50 / 2) (#28)
by Refrag on Thu Aug 09, 2001 at 01:38:35 PM EST

On a practical level, this means that network administrators need to immediately move all IEEE-802.11 access points outside the firewall and secure the links with some other method (IPSec, SSL/SSH, VPNs, and so forth).
What does this mean for someone using a combination firewall and wireless access point such as the BEFW11P1 that Linksys offers? It uses 128-Bit WEP Encryption Protocol, but since the ease of breaking the encryption is linear that doesn't help much. Is the WAP part of these devices outside of the firewall as was suggested in the article? And if they are, what do they use to get authorized through the firewall?

Refrag

Kuro5hin: ...and culture, from the trenches

The problem is not WEP as such (4.00 / 3) (#37)
by arheal on Fri Aug 10, 2001 at 02:04:09 AM EST

As I understand the problem, the difficulty revolves around the fact that the standard did not properly define how the keys were generated. As a result the implementors of the hardware did ridiculous things like starting key generation at zero on boot up and then incrementing it by one for each key generated. This is a classic IV (Initial Value) cryptographic flaw, which allows the attacker to check keys from a dramatically smaller pool of possible values. If manufacturers move to a more sensible key generation mechanism WEP will be saved. This will do nothing however for all those existing 802.11b devices out there (unless they can be flash upgraded).
There can be only one!
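
The restart-at-zero IV counter described in the comment above, and the keystream dictionary the story mentions, shown as an added example that is not part of the original thread or of any vendor's code. It models WEP framing (RC4 seeded with a 24-bit IV followed by the shared key, CRC-32 as the integrity value) and flags IV reuse in a set of frames; the `Station` class, key values, messages and IV byte order are constructed assumptions.

```python
import zlib
from collections import defaultdict

IV_BITS = 24  # WEP sends a 24-bit IV in the clear with every frame


def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for seed."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key, iv_counter, payload):
    """WEP framing: RC4 seeded with IV || shared key, over payload || CRC-32."""
    iv = iv_counter.to_bytes(3, "big")  # byte order is an assumption
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv, xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key, iv, ciphertext):
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload


class Station:
    """Hypothetical card whose IV counter restarts at zero on power-up."""

    def __init__(self, name, key):
        self.name, self.key, self.next_iv = name, key, 0

    def send(self, payload):
        iv, ct = wep_encrypt(self.key, self.next_iv, payload)
        self.next_iv = (self.next_iv + 1) % (1 << IV_BITS)
        return {"src": self.name, "iv": iv, "ct": ct}


def find_iv_reuse(frames):
    """Group frames by IV; any IV seen more than once reused a keystream."""
    by_iv = defaultdict(list)
    for f in frames:
        by_iv[f["iv"]].append(f)
    return {iv: fs for iv, fs in by_iv.items() if len(fs) > 1}


def keystream_dictionary_bytes(frame_len=1500):
    """Size of a table holding one frame of keystream for every possible IV."""
    return (1 << IV_BITS) * frame_len


# Constructed sample traffic: two stations, one network-wide key, both just booted.
MSG_A = b"GET /index.html HTTP/1.0"
MSG_B = b"From: alice@example.test"


def demo(key):
    a, b = Station("sta-a", key), Station("sta-b", key)
    frames = [a.send(MSG_A), a.send(b"second frame from a"), b.send(MSG_B)]
    reused = find_iv_reuse(frames)
    fa, fb = reused[bytes(3)]  # IV 0 was used by both stations
    # Same IV and key means same keystream, so it cancels out of the XOR.
    return reused, xor(fa["ct"], fb["ct"])


if __name__ == "__main__":
    for key in (bytes.fromhex("0102030405"), bytes(range(1, 14))):  # 40- and 104-bit
        reused, leak = demo(key)
        print(len(key) * 8, "bit key: reused IVs", [iv.hex() for iv in reused],
              "| plaintext XOR exposed:", leak[:len(MSG_A)] == xor(MSG_A, MSG_B))
    print("keystream table: %.1f GiB" % (keystream_dictionary_bytes() / 2**30))
```

The reuse is independent of key length, since the only per-frame variation in the RC4 seed is the 24-bit IV; a longer shared key does not enlarge that space.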