A recent information security issue by Trusecure Corp[1], January 2002, had a number of articles that covered the issues involved with this new technology. One of the key articles featured work from Texas A&M, who pretty much came to the conclusion that "it's not ready for prime time", to quote from the cover pages for this issue's article in question. You might find these links additionally useful:

Antennas Enhance WLAN Security in Byte Magazine, October 2001.
http://www.byte.com/documents/s=1422/byt20010926s0002/1001_marshall.html

Additionally, ISS has put the Wireless LAN Security FAQ on the web at:
http://www.iss.net/wireless/WLAN_FAQ.php
I've beefed up the index and made it easier to cross-reference to the specific questions one might have.

Was it Lawrence Livermore that banned the use of wireless LANs from its infrastructure? I'm sure others have seen the SAN announcements besides me in the past month or so and can correct me if I misstated who had taken this step.

I have quite a list of issues from various lists I've compiled and will forward to folks should they really need to review <upon request>. I'd just gzip up the mailbox file with all these for others to peruse.

Thanks,

Ron DuFresne

[1] Paul, when is Trusecure Corp going to start compensating me for all this free advertising?! <grin>

From: Jason Costomiris <[EMAIL PROTECTED]>
Subject: My Saturday with Netstumbler...
Date: Tue, 5 Mar 2002 17:06:30 -0500
To: [EMAIL PROTECTED]

We've all read countless articles about WLAN security. Have they done any good? Based on my experience Saturday afternoon, I'd have to say that all of the press that WLAN (in)security has received hasn't helped.

I was bored Saturday afternoon, so I got in the car, hooked up my Netstumbling gear and went for a ride in and around a major east coast US city. For the curious, my rig consists of:

  IBM ThinkPad T21 (P3/800, 512MB RAM, Win2k) sitting on passenger's seat
  Orinoco Gold USB WLAN device (w/10ft USB cable) sitting on back deck
  Garmin eTrex GPS with serial interface cable sitting on dashboard
  Netstumbler 0.3.23 (set to detect APs, but not reconfigure WLAN card)

Over the course of about 90 minutes, covering an area about 10 blocks by 30 blocks, driving on only the more "interesting" streets, I discovered 119 Access Points.
Of course, my findings here are anecdotal, and may or may not be representative of what's going on out there in general.

Thoughts on WEP usage...

We all know that WEP is not a reasonable solution for keeping your data private, however, it does help prevent casual lanjacking. Firewalling off the APs from the rest of the network and using IPSec clients to connect between the WLAN clients and the firewall give a much more complete security model. However, WEP is certainly better than nothing.

Highlights of my findings:

  - Only 23.53% of APs found were using WEP
  - 80.77% of Linksys APs used the default SSID, "linksys"
  - 2 out of the 3 Apple AirPort base stations had WEP turned on

Detailed findings follow:

Percentage of Total APs by vendor:

  Addtron                     3     2.52%
  AMI                         2     1.68%
  Agere (Orinoco/Lucent)     47    39.50%
  Apple                       3     2.52%
  Cisco (Aironet)            20    16.81%
  D-Link                      4     3.36%
  Linksys                    26    21.85%
  Netgear                     2     1.68%
  SMC                         2     1.68%
  Other                      10     8.40%
  --------------------------------------
  Total                     119

WEP Usage By Vendor:

               Clear     WEP     % Using WEP
  Addtron        3        0         0.00%
  AMI            2        0         0.00%
  Agere         37       10        21.28%
  Apple          1        2        66.67%
  Cisco         11        9        45.00%
  D-Link         4        0         0.00%
  Linksys       21        5        19.23%
  Netgear        2        0         0.00%
  SMC            1        1        50.00%
  Other          9        1        10.00%
  -----------------------------------------------
  Total         91       28        23.53%

APs With Default SSID By Vendor:

               Default SSID    Other SSID    % With Default
  Addtron           2              1             66.67%
  AMI               1              1             50.00%
  Agere             1             46              2.13%
  Apple             0              3              0.00%
  Cisco             1             19              5.00%
  D-Link            2              2             50.00%
  Linksys          21              5             80.77%
  Netgear           0              2              0.00%
  SMC               1              1             50.00%
  Other             0             10              0.00%
  --------------------------------------------------------
  Total            29             90             24.37%

On Fri, 15 Mar 2002, Scott Overfield wrote:

> Good Morning,
> My employer and I have been discussing the option of purchasing a Lucent
> Orinoco system to replace the current ADSL line between our two buildings,
> which are only about half a mile apart, with a clear line of
> sight......However, I have very little experience with wireless, and I
> understand WEP is easily cracked...does anyone on the list have any
> experience with these devices, and how they can be secured? Any suggestions
> or links that you can pass along I would appreciate very much......
>
> ********************************************
> Scott Overfield
> Network Administrator
> Gratiot County Community Mental Health
> 989-466-4109
> [EMAIL PROTECTED]
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
