Jason Costomiris on Sun, 12 Jan 2003 19:44:09 -0500



Re: [PLUG] wireless security



On Sunday, January 12, 2003, at 01:31 PM, jeff wrote:

> On Sun, 2003-01-12 at 11:38, Jesse Huestis wrote:
>> Throwing my two cents in, I have been installing Linksys, Intel and
>> DLink access points/routers for my clients using the 801.1b standard.
>
> What of wireless security? I haven't installed wireless but am curious about this. I've read horror stories about wardriving and intrusions. I understand you can specify that only certain MAC addresses can get by. Is there anything else?

There are a number of features for security, depending on your AP vendor. Here's a few:


1. Closed Networks - Netstumbler & friends work because APs sit there beaconing. Essentially, it's a broadcast advertising the availability of the network, providing the SSID of the WLAN. Closed networks either remove the SSID from the beacons or just don't beacon. Of course, if you were sniffing with something like Airopeek, you could still pull 802.11b frames out of the air, but you'd have to KNOW there's an AP in range for you to sniff. It mostly keeps the war(drivers|walkers) away.

2. MAC-based authentication - many APs (including Apple Airport) allow you to say who can and cannot connect by MAC address. Apple also allows you to plug this into a RADIUS server, which would be a repository for the MAC addresses of permitted clients. It is helpful, but a sophisticated attacker can change his MAC address to suit his needs.

3. 802.1x - standards-track authentication protocol, supports use of x.509 digital certs. The underlying authentication protocol is referred to as EAP, which can also run over TLS (EAP-TLS).

4. Proprietary authentication schemes - probably the best one is Cisco's LEAP. It supports dynamic regeneration of WEP keys (at about a 10 minute interval, if I recall).

5. WEP - Yes, it's much maligned, but it's better than nothing. The so-called 128-bit WEP isn't. It's really a 104-bit cipher with a 24-bit initialization vector (aka the IV). Same goes for 64-bit WEP, it's really 40-bit. It's not going to keep prying eyes out forever, but if you're diligent about changing WEP keys, you'll prevent the bad guys from associating with your AP, which after all, is your goal.


> I have a feeling that work is about to start yammering for one so I'm starting the security research.

-- Jason Costomiris <>< E: jcostom {at} jasons {dot} org / W: http://www.jasons.org/ Quidquid latine dictum sit, altum viditur.

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
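
The key-size point in item 5 of the message above, as an added example that is not part of the original post: WEP frame-body encapsulation in Python, showing that the RC4 seed is the cleartext 24-bit IV followed by the 40- or 104-bit secret. It goes slightly beyond the message by including the key ID byte and CRC-32 ICV from the WEP frame format; the key, IV and payload are constructed sample values.

```python
import struct
import zlib

IV_BITS = 24  # sent in cleartext at the front of every WEP frame body

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling followed by keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def secret_bits(advertised_bits: int) -> int:
    """Secret key length behind a vendor's '64-bit' / '128-bit' label."""
    return advertised_bits - IV_BITS

def wep_encapsulate(secret: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    """Frame body: IV (3) | key ID byte (1) | RC4(IV||secret, payload | CRC-32 ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("IV must be 3 bytes, secret 5 or 13 bytes")
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + secret, payload + icv)

def wep_decapsulate(secret: bytes, body: bytes) -> bytes:
    """Read the cleartext IV, rebuild the RC4 seed, decrypt and check the ICV."""
    iv, data = body[:3], rc4(body[:3] + secret, body[4:])
    payload, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return payload

# Constructed sample values, not taken from any real network.
SECRET_104 = bytes.fromhex("0102030405060708090a0b0c0d")
FRAME = wep_encapsulate(SECRET_104, b"\x00\x00\x01", 0, b"constructed payload")

if __name__ == "__main__":
    print("128-bit WEP secret bits:", secret_bits(128))
    print("IV read from frame without the key:", FRAME[:3].hex())
    print("decrypted:", wep_decapsulate(SECRET_104, FRAME))
```

Only the 13-byte secret is unknown to someone capturing frames; the first three bytes of every frame body give the rest of the RC4 seed.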