On Fri, May 10, 2002 at 09:48:05AM -0700, Chisholm Wildermuth wrote:
> We have circumvented the flaws in wireless security by this process:
> [ MAC addr ACLs, cloaked ESSID, WEP, VPN ]

Of those measures, the VPN is the one on which your security hangs.

- MAC addrs are broadcast in the clear; someone with a sniffer can pull them from the air. And setting the MAC addr your card uses is as easy as invoking ifconfig, at least on Linux.

- ESSID cloaking doesn't prevent the ESSID from being broadcast in the clear in legitimate traffic from clients, it just keeps the base stations from inviting normal clients to join the party. Sniffing software like Kismet can pull the ESSID out of normal traffic.

- WEP is flawed; Kismet can save seen WEP packets in an archive designed to let you run Airsnort to crack the WEP key. Takes minutes to hours, depending on traffic levels, but once it's done WEP is defeated, and since there's no convenient automatic re-keying system it's a big hassle to change your keys.

Make sure you trust your VPN implementation, since off-the-shelf, easy-to-use tools will tear right through every other measure you have. That is the nature of wireless today. In my opinion, it's also the nature of wireless for the foreseeable future; I don't know of any efforts to launch a sound design process for a replacement to WEP.

I'd recommend you treat your wireless LAN as a wholly untrusted network, and use a tool like nmap to do detailed port scans of every machine, both server and client, connected to it. Attackers will be able to do the same.

-Bennett
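The reason the first two measures fail is visible in the 802.11 frame format itself: the MAC header, and the SSID element in management frames, are never covered by WEP, only the body of data frames is. The following is an added illustration, not part of the original message, that walks the header of two constructed frames (a probe request and a WEP-protected data frame; the addresses, SSID and IV bytes are made up for the example) and shows which fields a defender should assume anyone in radio range can read.

```python
import struct

# --- Constructed sample frames (not captured traffic) -----------------------

# Probe request (management, subtype 4) from a client looking for "CorpNet".
# FC=0x0040 (type 0, subtype 4), duration 0, addr1=DA broadcast, addr2=SA,
# addr3=BSSID broadcast, seq ctl, then IEs: SSID (tag 0) and supported rates (tag 1).
PROBE_REQ = (
    bytes.fromhex("40000000" + "ff" * 6 + "001122334455" + "ff" * 6 + "1000")
    + bytes([0, 7]) + b"CorpNet"
    + bytes.fromhex("010482848b96")
)

# WEP-protected data frame (type 2, subtype 0) from the same client to the AP.
# FC byte1=0x41: ToDS | Protected. Body = 3-byte IV, key-id byte, RC4 ciphertext.
WEP_DATA = bytes.fromhex(
    "08412c00"
    "00aabbccddee"   # addr1 = BSSID (ToDS=1)
    "001122334455"   # addr2 = SA
    "00ddeeff0011"   # addr3 = DA
    "2010"
    "a1b2c3" "00"    # WEP IV and key index 0, sent in the clear
    "5f3a9c1d7e24b0c6"  # placeholder ciphertext bytes
)


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _parse_ies(body: bytes) -> dict:
    """Walk the tag/length/value information elements of a management frame body."""
    ies, off = {}, 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        ies[tag] = body[off + 2: off + 2 + length]
        off += 2 + length
    return ies


def parse_80211(frame: bytes) -> dict:
    """Return the cleartext fields of a management or data frame (3-address form)."""
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    if ftype == 1:
        raise ValueError("control frames use shorter headers; not handled here")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    if to_ds and from_ds:
        raise ValueError("4-address WDS frames not handled in this example")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Address meaning depends on the ToDS/FromDS flags (IEEE 802.11 table).
    if to_ds:
        bssid, sa, da = a1, a2, a3
    elif from_ds:
        da, bssid, sa = a1, a2, a3
    else:
        da, sa, bssid = a1, a2, a3
    info = {
        "type": {0: "management", 2: "data"}.get(ftype, "reserved"),
        "subtype": subtype,
        "protected": bool(flags & 0x40),
        "sa": _mac(sa), "da": _mac(da), "bssid": _mac(bssid),
        "ssid": None,
    }
    body = frame[24:]
    if ftype == 0:
        # Beacons (8) and probe responses (5) have 12 bytes of fixed fields
        # before the IEs; probe requests (4) start with the IEs directly.
        ies = _parse_ies(body[12:] if subtype in (5, 8) else body)
        if 0 in ies:
            info["ssid"] = ies[0].decode("ascii", errors="replace")
    elif ftype == 2 and info["protected"]:
        # Even on a WEP frame the IV and key index precede the ciphertext unencrypted.
        info["wep_iv"] = body[:3].hex()
        info["wep_key_index"] = body[3] >> 6
    return info


def cleartext_exposure(frames) -> dict:
    """Summarise what a passive listener learns: station MACs and any SSIDs seen."""
    seen = {"stations": set(), "ssids": set()}
    for f in frames:
        r = parse_80211(f)
        seen["stations"].add(r["sa"])
        if r["ssid"]:
            seen["ssids"].add(r["ssid"])
    return seen


if __name__ == "__main__":
    for f in (PROBE_REQ, WEP_DATA):
        print(parse_80211(f))
    print(cleartext_exposure([PROBE_REQ, WEP_DATA]))
```

Both frames yield the client's source MAC (the value a MAC-address ACL is keyed on), and the probe request yields the SSID whether or not the access point is "cloaked"; the WEP flag on the data frame protects only the payload after the IV. That is the same picture Kismet builds, and it is why an ACL or a hidden ESSID adds no confidentiality on top of the VPN.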