----- Original Message -----
From: "Chris Maxwell, WDSL Inc." <[EMAIL PROTECTED]>
To: <isp-wireless@isp-wireless.com>
Sent: Tuesday, February 06, 2001 1:12 PM
Subject: Re[2]: Hackers can penetrate wireless network
> OK, before we get too far into these "security" arguments too far,
> lets look at what we are trying to prove:
>
> 1. Is it possible to gain usable access to a wireless network
> 2. Is it easier than on a wired network?
>
> First, a basic premise of security: there is no such thing as "secure"
> in the sense implied - security is the art of making it so difficult
> to break in, or so time consuming to do so that the investment
> outweighs the return. Fort Knox, Camp David, Area 51, etc are NOT
SECURE -
> they simply have measures in place to make it extremely difficult to
> penetrate, and active monitoring to alert "sysadmins"
>
> 1. Yes, it is possible to break into any network given enough
> time/money. For wireless, just listen, store, and decrypt to gain
> information, and spoof for access. For hardwire networks/telco, find
> a wiring closet and some alligator clips. Even T1's are not safe - a
> few minutes in a manhole with the right equipment and you can
> man-in-the-middle a T1 as well. Fibre - a little more difficult since
> you cannot just "tap" the line, but a pair of repeating splitters and
> you're in business.
>
> 2. Depending on what type of wired network you compare it to, it can
> be easier or harder to break into a wireless network. A well designed
> network with multiple layers of firewalls, access codes, MAC
> verification, encryption, and active detection is extremely hard to
> break into, especially since a sysadmin is notified when the break-in
> starts.
>
> The level of security needed also must be based on the type of service
> being offered - public internet access, contrary to public belief does
> not need to be secure since the other 10-15 hops on the public
> internet are also unencrypted and readily sniffed. Its a lot easier
> to social engineer a router password in a NOC than people are lead to
> believe. For a business network with transactions encryption is
> required, but that does not guarantee security either - it just
> prevents casual peeking, a determined effort could brute-force break
> the encrypted packets - but is it worth the effort?
> Do banks use greater than 128 bit encryption for inter-bank transfers?
> Most certainly not - in fact many banking transactions still travel
> unencrypted over analog lines that any pre-teen with alligator clips
> and a 14.4 modem hacked to listen only can watch.
>
> Is current wireless technology (with or without WEP) sufficient to
> stop the casual listener - most certainly, since the barrier to entry
> is the cost of equipment (keeps the script kiddy's away). Is it
> secure enough to stop a determined break in - no more than any other
> wired solution, and since the gear is usually on the roof, locked up
> you have a leg up on the DSL guys - since their termination jacks are
> all outside, unlocked, and calling out to be opened.
>
> Best regards,
> Chris Maxwell
> [EMAIL PROTECTED]
>
> --
>
> WDSL Inc.
> www.wdslinc.com
>
> 100 Hamilton Street North
> P.O. Box 650
> Waterdown, Ontario, Canada
> 905-690-6367 x234
> 905-689-4794 Fax
> 877-626-6799 Toll Free
>
>
>
> ___________ . The ISP-WIRELESS Discussion List . ___________
> To Join: mailto:[EMAIL PROTECTED]
> To Remove: mailto:[EMAIL PROTECTED]
> Archives: http://isp-lists.isp-planet.com/isp-wireless/archives/
