At 03:30 AM 9/2/01 -0400, George Metz wrote:
>Hey guys,
>
>For those of you that saw and skipped, or don't read Slashdot, check out
>the following:
>
>http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html
>
>It's actually a pretty ingenious solution to the wired encryption setup. I
>don't see any mention of actual VPN/Encryption for traffic from the
>wireless device to the firewall, though, so I wonder if you could still
>sniff data. It mostly seems geared towards preventing unauthorized usage
>of netaccess, rather than denying information access.
>
>Any thoughts?

I've seen several variants on this idea over the past 6 months (even worked
on a related prototype project, for a client that ended up not seeing any
moneymaking opportunity with it ... at least I think that's why the project
never went ahead). This White Paper covers most of the basics.

You can improve security a bit by checking the arp table regularly (every
minute or so) to make sure the (claimed) arp address of the system using an
IP address has not changed. This forces an attacker to use link-level
spoofing, not IP-level spoofing.

You can further improve security by using some sort of active tool in the
client ... say something able to authenticate itself using client
Certificates. This makes spoofing very tough, perhaps impossible (if the
Cert uses a safe key length).

Even a system with these added features isn't foolproof, but it does limit
breakins to a higher class of fool.

Bottom line -- as far as I've been able to figure out, wireless cannot be
completely secure without using high-quality link-level encryption. Without
it, the vulnerabilities are akin to those that you get if you leave a LAN
port on a hub unprotected (that is, in a location where a stranger can plug
in a workstation).

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
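
The periodic ARP-table check suggested in the reply above, sketched as an added example that is not part of the original message or of any LEAF code. It assumes a Linux gateway exposing `/proc/net/arp` and a hypothetical `authorized` map of IP-to-MAC bindings recorded when each client authenticated; the sample table and addresses are constructed.

```python
"""Added example: detect a changed IP-to-MAC binding on a Linux gateway."""
import time

# Constructed sample in the format of Linux /proc/net/arp.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        eth1
192.168.1.11     0x1         0x2         00:11:22:33:44:99     *        eth1
192.168.1.12     0x1         0x0         00:00:00:00:00:00     *        eth1
"""

def parse_arp(text):
    """Return {ip: mac} for resolved entries; incomplete ones are skipped."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":   # 0x2 = ATF_COM (resolved)
            table[ip] = mac
    return table

def changed_bindings(authorized, current):
    """List (ip, expected_mac, seen_mac) where an authorized IP now maps to another MAC."""
    # An IP missing from the table is not flagged: the entry may simply have aged out.
    # A client that also copies the MAC passes this check (link-level spoofing).
    return [(ip, mac.lower(), current[ip])
            for ip, mac in sorted(authorized.items())
            if ip in current and current[ip] != mac.lower()]

def watch(authorized, on_change, interval=60, path="/proc/net/arp"):
    """Re-check every `interval` seconds (the message suggests every minute or so)."""
    while True:
        with open(path) as fh:
            for hit in changed_bindings(authorized, parse_arp(fh.read())):
                on_change(*hit)     # hypothetical hook, e.g. revoke the client's access
        time.sleep(interval)

if __name__ == "__main__":
    # Hypothetical bindings recorded at authentication time.
    authorized = {"192.168.1.10": "00:11:22:33:44:55",
                  "192.168.1.11": "00:11:22:33:44:66"}
    for ip, expected, seen in changed_bindings(authorized, parse_arp(SAMPLE_ARP)):
        print(f"{ip}: expected {expected}, ARP table shows {seen}")
```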