
New flaws in 802.11B

Hemos posted more than 13 years ago | from the good-thing-that-the-neighbors-don't-have-it dept.


obobo writes "The New York Times (free reg yadda yadda) has a story about new flaws in the 802.11 standard, based on this paper. The upshot is that even with 128 bit encryption and MAC address control lists, it's still easy to hack."


Re:point to point encryption (1)

Anonymous Coward | more than 13 years ago | (#318301)

Encryption is really important. It's an indispensable component of eliminating anonymity on the Internet. With public key signing, there's no excuse for ANY traffic on the net to be anonymous. I envision a future in which all packets must be digitally signed or they get dropped by the routers.

Really, I'm looking forward to that day.

NY Times no-registration backdoor link (1)

Anonymous Coward | more than 13 years ago | (#318302)

They still haven't figured out a way to close their no-registration backdoor [nytimes.com] .

Re:Technology (2)

Anonymous Coward | more than 13 years ago | (#318303)

Today seems to be a sad indication that as technology develops further and further, our privacy becomes less and less important. More technology == less privacy?

Storing anything online makes it more easily accessible for good and for evil. Wireless is even less secure than online because a listen only tap point is untraceable.

Get an older scanner that will cover 868-894MHz (analog cellular). You'd be surprised how many people still read their credit card numbers, social security numbers, etc. over the air and in the clear.

Re:point to point encryption (4)

Zachary Kessin (1372) | more than 13 years ago | (#318304)

The problem is not just encryption, it's all that other stuff that goes around it. You need a good way to create and distribute keys and make sure that they are used well. Designing a secure system is not just slapping a 128 bit key encryption system onto what you already have, you need to plan it from the ground up very carefully.

Think of it this way: if the bank has the world's best vault but transports the money in Bob's old VW van, then the bank has lousy security.

Old news (1)

drwho (4190) | more than 13 years ago | (#318305)

Stupid, old news.
802.11 is insecure, but this is well known.

Re:Technology (1)

yendor (4311) | more than 13 years ago | (#318306)

1984 should be about one or two wars away...
The current world climate isn't paranoid enough.

Perhaps privacy is as bad as it has always been, I've studied people through the "analog" trail everyone has.
It should be noted that I live in Sweden where government information is openly available.
What people don't know is that they are even less private that way.
You might worry about someone finding your credit card number on the web. Take a look at some slips in your wallet.
Another thing that's a little frightening is to call some companies and claim to be someone else, most companies don't care because they want to be "customer friendly".

I think privacy is a thing you have to earn through caution. Don't feed the papertrail!

// yendor
--
It could be coffee.... or it could just be some warm brown liquid containing lots of caffeine.

Re:Layer 2 (2)

Bishop (4500) | more than 13 years ago | (#318307)

Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic?

Unlike Ethernet/802.3, IEEE 802.11b is advertised as being secure. It isn't.

Papers like this one are important as they show how expected features aren't there. It is a paper that techs can use to show their managers why 802.11b should not be used, or why it is going to cost more than a few hours and the cost of the NICs.

Re:Just a thought... (2)

johnnyb (4816) | more than 13 years ago | (#318308)

The reason that there's normally not security in layer 2 is because it usually is a physical connection, and thus you use physical security. Logical connections require logical security. Since you don't have control of the "wires" in wireless LANs, you _do_ need security.

Re:Layer 2 (2)

johnnyb (4816) | more than 13 years ago | (#318309)

The difference is that with a regular wired LAN, you can have physical security - you can control the wires. With wireless you have a totally new can of worms, because the wires are no longer under your control.

Re:Damn ivory tower papers (1)

Bob McCown (8411) | more than 13 years ago | (#318310)

My BS is in Math

Sort of like a lot of the BS in this article?

MISINFORMATION--MODERATE THE ABOVE COMMENT DOWN!!! (2)

UnanimousCoward (9841) | more than 13 years ago | (#318311)

As noted in several other replies, 802.11a "operates at the 5-GHz UNII (unlicensed National Information Infrastructure) band and can achieve data rates as high as 54 Mbits/s" as noted by eetimes [eetimes.com] here [eetimes.com] and here [eetimes.com]

Re:Gee... you think? (2)

GoRK (10018) | more than 13 years ago | (#318312)

ETSI (Europe) has lower maximum power requirements but they allow the same number of hopping frequencies as in the USA. In Japan and Canada, though, FHSS radios are limited to the lower half of what is the ISM band in the United States. So they hop on frequencies twice as much as they do in the USA. Something interfering with a radio in Canada would cause twice as much performance degradation as the same radio in the USA, but the problem is even worse with DSSS radios in these markets because with only half of the US's ISM band to use, there are no overlapping channels, thus without proper antenna placement and frequency separation, you are very limited to the total amount of bandwidth you can aggregate with either technology, and especially DSSS.

~GoRK

Re:Gee... you think? (2)

GoRK (10018) | more than 13 years ago | (#318313)

The hopping sequence of a BSS cannot be determined or received reliably by a single radio without knowing the ESS ID of whatever cell you are currently in; however, the ESS ID can be determined easily after determining the hopping sequence.

As far as speed and range, Breezecom equipment (that I know of) will break the 802.11a spec and communicate at 3mbps. If another manufacturer's 802.11a radio comes within range, it will communicate with that radio at 2mbps, but 50% performance above the 802.11a spec often gives these radios a performance advantage over even DSSS radios, since a DSSS radio will talk at 11Mbps, 5.5Mbps, then 2 and 1. Over long ranges it is extremely rare that you can make a full 11Mbps link, and more likely that your 5.5Mbps link will have less than 50% throughput... meaning that if you get about 2.9Mbps out of your DSSS radio at some distance, you are doing well, and if you can get 2.4Mbps out of a breezecom radio at the same distance, then you are not losing a lot by going with FHSS... Add to that the fact that because of the nature of FHSS technology, you can place probably 10-30 radios in the same band and aggregate the bandwidth, you will leave 802.11b in the dust.

Just some more thoughts on the matter...

~GoRK

Re:Gee... you think? (3)

GoRK (10018) | more than 13 years ago | (#318314)

I did not say it was impossible. I said it was much harder than DSSS. To reliably intercept FHSS with or without WEP requires 72 radios. Without knowing the ESS ID, you will not be able to accurately determine the hopping sequence of your BSS. I suppose you could have a smaller number of radios guessing the sequence, but it would take much longer and be much more complicated. Once you have the hopping sequence worked out, then you can deduce the ESS ID and then after that you could configure one radio to that hopping sequence and then you'd be in the same boat with 802.11b as far as the security of WEP goes. So, the hopping sequence on 802.11a is cryptographically secure from the ESS ID - but I do admit it is very weak crypto. If someone is spending this much money to hork onto your wlan, they could probably physically infiltrate your facility and steal the information necessary to jump on it a lot easier than they could figure it out. If you are that paranoid about your data, then you should be running a more secure form of crypto on top of the base anyway, like I said in my initial post.

~GoRK

Gee... you think? (5)

GoRK (10018) | more than 13 years ago | (#318315)

You know you would have thought that with all the 802.11b stories on here, somebody would have mentioned the much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard that defines a much much much harder to intercept, much much much more stable, reliable communication (we are talking orders of magnitude) above 802.11b (Oh yeah, and plenty [breezecom.com] of equipment [proxim.com] is available [webgear.com] also.)

How come when LANs go wireless, geeks suddenly forget the basic fundamentals of RADIO which, for the specific technology we are discussing, is almost as well understood as power generation. Wait a minute, but didn't the folks who delegated the IP address space give RADIO OPERATORS a quite enormous chunk for EXPERIMENTATION? Where are all these guys? For instance, the story that ran a few days ago where someone at O'Really (sic) declared that a 802.11b product was good because his microwave oven did not interfere with its operation might have taken one second to read the frequency of his microwave off the little label inside the door and look up the frequency of whatever channel his DSSS radio was on before realizing that the microwave was (99% likely) not even on the same frequencies.

It's about time for all of you to go out and read how these radios and standards really work [tcr.com] before making wild comparisons, accusations, etc. or being surprised when someone points out that the standard is not fundamentally secure. Here's a hint: It was never designed to be any more secure than wireline communications. The amount of money someone would have to spend to tap into your wired LAN is equivalent to the amount of money they would have to spend to intercept your wireless. If you require secure communications over wireless, use IPSec or encrypted tunnels. Just like you would do on the wireline.

Get it together. I am losing faith in you guys.

~GoRK

Re:"Your 802.11 Wireless Network has No Clothes" (1)

ethereal (13958) | more than 13 years ago | (#318316)

OK, I didn't think it was that insightful, but thanks, I guess.

"Your 802.11 Wireless Network has No Clothes" (3)

ethereal (13958) | more than 13 years ago | (#318317)

That's a pretty 1337 title for a paper, why didn't they just call it:

"All Your WEP Are Belong To Us"

But seriously, this points out that you can't just trust someone to tell you their product is secure. Lucent's "closed network" sounds great, except for the part where it broadcasts the shared secret in the clear!

[smacks head in disgust, and hopes to never commit such a colossal blunder in my own work]

There are only three hop sequences (2)

BeBoxer (14448) | more than 13 years ago | (#318318)

I don't know where you make this stuff up from. There are exactly three hop sequences defined for use in North America and most of Europe.

From "The IEEE 802.11 Handbook: A Designer's Companion":

Set 1:(0,3,6,9,12...75)
Set 2:(1,4,7,10,13...76)
Set 3:(2,5,8,11,14...77)

Unless I am misreading something, there are only three sets of hopping numbers. Not exactly a difficult thing to guess if you need to.

Your insistence that DSSS is somehow easier to eavesdrop on than FHSS is just a bunch of crap. Neither technology was designed with any resistance to eavesdropping in mind at all. You can't specify your own hopping sequence for FHSS, and you can't specify your own Barker sequence for spreading DSSS. Had the 802.11 folks cared at all about making eavesdropping hard, they would have let you do these. Of course, they probably wouldn't have gotten FCC approval, but what the hell.

So, just drop it. What little security you have is based entirely on the WEP, and not at all on your choice of slow FHSS vs fast DSSS.

Re:There are only three hop sequences (2)

BeBoxer (14448) | more than 13 years ago | (#318319)

But can you do that for 802.11 gear? How am I supposed to connect to the WLAN if I don't know the hopping sequence? The book I referenced also specifically says that the sequences were carefully chosen, and makes no mention of user-generated sequences. I have also never seen any reference to an actual configuration parameter for an 802.11 client to specify the hop sequence.

I have no doubt that with some other gear you can change it to whatever you want. But, I have never seen anybody produce a reference to an 802.11 parameter to change the hop sequence. If you can produce a link, I would love to see it.

Found some references (2)

BeBoxer (14448) | more than 13 years ago | (#318320)

I found some references. It is not possible to set arbitrary sequences. According to Breezecom (cached version here [google.com] ):

---quote---
For FHSS systems IEEE 802.11 defines 79 different hops for the carrier frequency. Using these 79 frequencies, IEEE 802.11 defines 78 hopping sequences (each with 79 hops) grouped in three sets of 26 sequences each. Sequences from same set encounter minimum collisions and they may be allocated to collocated systems. Theoretically, 26 FHSS systems may be collocated. However, as synchronization among independent systems is forbidden (synchronization would eliminate collisions), the actual number of systems that can be collocated is around 15.
---end quote---

I assume the three sequences are the ones I originally listed. If I'm not mistaken, it's considered a different "sequence" if you start in a different place. So:

1-5-9 is different from 5-9-1 and 1-5-9. So, an eavesdropper would not be trying to guess a random sequence, he would just camp on one frequency, listen, and if a signal showed up he would start hopping. In other words, the 26 sequences vary only in time, so an eavesdropper only has to listen for a few seconds on one frequency to "check" all 26 sequences based on that set. Is that a fair assumption?

I also found a reference to an algorithm for determining which country you are in by checking which frequencies the AP broadcasts beacons on. In order for this to work, it requires the hop sequences to be well known for a given country. It's here [technion.ac.il]

So, given this little bit of research, I still believe the claim that FHSS 802.11 is somehow more secure than DSSS 802.11 is basically crap. I would love to be proven otherwise.

you don't even know what a MAC Address is ... (1)

ihxo (16767) | more than 13 years ago | (#318321)

you don't even know what a MAC Address is ...

Just a thought... (2)

mindstrm (20013) | more than 13 years ago | (#318322)

But who ever said one of the duties of layer 2 was to provide security?

That's not entirely an accurate statement, I realize.. but the concept is there.

Ethernet is very hackable.

You should rely on higher-layer protocols to prevent hackability.... not your lowest layers. 802.11b was not developed for super-secret communications; it's not for spies. It's for every-day-people...

Well.. (2)

mindstrm (20013) | more than 13 years ago | (#318323)

That's rather obvious. But you see, from a data protection point of view, most places don't audit every single jack in every single wall. They don't run switches in ultra-secure mode and don't use static ARP tables on all their servers, etc etc etc....

Yes, there is a point, in that others should not be able to connect to your network. That's important.. but not the same thing as network security. We still need higher layer secure protocols.. ALL protocols...

Re:"Your 802.11 Wireless Network has No Clothes" (1)

orcus (21207) | more than 13 years ago | (#318324)

It almost sounds like Lucent's answer is simply disallowing association via the "broadcast ssid" or the "null ssid". This is no really big deal.

Cisco/Aironet access points also have this option to disallow access via the broadcast ssid, with one important difference:
When broadcast ssid is disallowed, the ssid is NOT transmitted in the beacons, which makes associating to those APs more difficult. (The ssid field in the beacon is nulled out)
Also, as far as I know, Cisco/Aironet does not recommend the usage of shared key authentication, but gives the user the option....

Disclaimer: I work for Cisco/Aironet

Re:Gee... you think? (2)

Xenu (21845) | more than 13 years ago | (#318325)

To reliably intercept FHSS with or without WEP requires 72 radios.

You only need a single wideband receiver.

Re:Gee... you think? (3)

Xenu (21845) | more than 13 years ago | (#318326)

If you think frequency hopping is, by nature, secure and hard to intercept, I have a nice bridge in Brooklyn that I would be willing to sell you. The NSA and military have been intercepting these types of systems for decades.

If the system does not have a cryptographically secure hopping sequence, which is just about everything on the market, it is trivial to intercept. Even with a secure hopping sequence, it is possible to reconstruct the signal in many cases. Think wideband receivers and directional antennas connected to a signal processing computer.

Re:Gee... you think? (1)

RomulusNR (29439) | more than 13 years ago | (#318328)

/me hands GoRK an industry-standard trunk-tracking police scanner

--

The end user doesn't want to deal with security (1)

Arlet (29997) | more than 13 years ago | (#318329)

No matter how strict you make your security, in the end it depends on the user.

If you take every attempt to provide good security, the customer will find your key management such a big hassle that they won't buy your products. Popular magazines will make fun of your complicated methods, and elaborate network setup, and will praise the Plug-and-Play method of your competitor. The only way to survive as a vendor is to make it easy on the user. Unfortunately, tight security and ease of use don't mix very well.

I'll bet that more 802.11 networks are broken into that are simply not using any security at all, than networks that have had their WEP security cracked. Just because the network manager couldn't be bothered to check the box that said 'use WEP security'. And even if people do enable WEP security, how many do you think will opt for a 128 bit hex string, as opposed to an easy to remember dictionary word?

Re:Gee... you think? (1)

PapaZit (33585) | more than 13 years ago | (#318330)

Try putting more than a dozen 802.11b access points within earshot of each other.

I wish "too many access points" was a problem that I had to deal with. Every wireless install plan that I've seen has assumed some degree of airspace cooperation, and the emphasis is usually on covering an area with as few access points as possible.

You make a good point about dropping connections with 802.11b, but unless things have changed in the last few months, all of the 802.11a stuff that I've seen has the same problem.

how come nobody talks about the 26mb FHSS equipment that is due to come out soon.

There's a lot of cool technology that's "due to come out soon." When it makes the transition from vaporware to hardware, we'll talk about it. I suspect that it'll have the same problems as most high-speed wireless "extensions": you only get the speed if you're within a few feet of the access point. Otherwise, it drops back to the same old slow speed.


--

Re:Gee... you think? (2)

PapaZit (33585) | more than 13 years ago | (#318331)

802.11a becomes saturated much more quickly. Try putting more than a dozen users on an 802.11a access point. IF it works, it'll be amazingly slow.

I haven't read both specs, but I'd guess that 802.11b (Wi-Fi) devices can share a frequency, while 802.11a devices just hop to a new frequency if theirs is in use. When the number of users gets close to the number of frequencies, things fall over and go boom.

I work for a university that recently deployed a large wireless network, and 802.11a was totally unacceptable for even a medium-sized classroom. 802.11b was able to handle the load, though it is pretty slow when you have 50 users sharing a 2Mbps connection.


--

Re:Damn ivory tower papers (2)

Salamander (33735) | more than 13 years ago | (#318332)

Only the WEP attacks require computation, and even those are so trivial as to be not worth coding up except to fuel the script kiddies.

Wrong. You obviously missed this very important sentence at the end of section 5:

Only the WEP attacks require computation, and even those are so trivial as to be not worth coding up except to fuel the script kiddies

What's the significance of that? Well, we already knew that running an 802.11b network without WEP would be the act of a total moron. What the paper is saying is that *with* WEP you can attach to the network but you can't actually use it without the methods mentioned in the Borisov/Goldberg/Wagner paper. Those methods, in turn, are far from trivial. In fact, they're extremely difficult (but, admittedly, not impossible) to implement in the real world. In other words, nobody's network is actually likely to be compromised in this way. As another poster said, it's theoretically interesting, but of very little practical import.

Hate to disagree a bit, but... (2)

frog51 (51816) | more than 13 years ago | (#318333)

Frequency hopping 802.11a is dead easy to hack into - the standard ensures it. Basically, because all devices on the network need to know which frequency to hop to, this info is broadcast, along with timing details and other useful bits and pieces. So you don't need to guess. I have used a £100 802.11a card to hop on to a WLAN in under 2 minutes. It would have been faster, but I was using Winblows that day, and I had to reboot. 802.11a is cheap, low security and dead simple.

802.11b has its advantages - it is a lot harder to hack in a lot of situations, due to ambient rf noise and the chipping code can add a fair amount of front end security if you use a very long sequence, but it too can be monitored. Hence the term WEP - wired equivalent privacy.

I agree with the rest of the post, though:
You wouldn't have sensitive data on your wired network for all to see would you? No, you would encrypt it and use secure encrypted links. Do the same on your wireless LAN.

THAT'S THE WHOLE POINT

Here in the UK, the fact that we can only transmit at 100mW means an attacker does have to be fairly close, and some of my clients do add 'Tempest' type shielding where there is rf leakage, but again, their security comes from encrypted point to point links, and other means


Frog51

VPN Anyone? (1)

Milican (58140) | more than 13 years ago | (#318334)

Well as many have mentioned the wireless 802.11 security leaves much to be desired. There was a story on slashdot that ran about a month or two ago on this same subject. In any case, I would think that if you simply ran an encrypted tunnel from end to end around the wireless segments that would be a much better solution than relying on the weak WEP 802.11 standard.

If you are implementing this on a corporate level you should know this. This is your job. Obviously, the problem here is that we have people implementing networks (MIS graduates) that don't want to look at what fundamentally is going on with the technology. They simply hook up the cards, install the windows drivers and move on to their exchange servers. I guess it's not their fault really. Companies know their background. Companies should have some hackers working on breaking into their system. Those white hat hackers could easily expose this stuff. I guess that's what security experts are for.. :)

JOhn

Re:Well... (2)

norton_I (64015) | more than 13 years ago | (#318335)

Actually, there is a really easy way to make these networks secure. Put your wireless access point outside of your firewall, then use VPN software on the client to connect to your intranet. You can also filter at your router to prevent people from getting a "free ride" on the internet if you are concerned about that.

That way, you totally bypass the WEP and have a reasonably well tested security model (VPN) guarding your data.

When I set up 802.11b in my house, that is what I am going to do...
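
The layout described in the comment above (access point outside the firewall, VPN for anything that needs the intranet, filtering to stop free riders) can be written down as a firewall policy. This is an added example, not part of the original comment; the interface names, the documentation-range gateway address 192.0.2.10, the choice of IPsec as the VPN, and both function names are assumptions.

```shell
#!/bin/sh
# Added example: treat the wireless segment as untrusted and let it reach
# only the VPN gateway. Interface names and addresses are assumptions.

# Print an iptables-restore ruleset.
#   $1 = interface facing the access point (untrusted)
#   $2 = interface facing the internal LAN
#   $3 = address of the IPsec VPN gateway
wlan_vpn_only_rules() {
    wlan_if="$1"
    lan_if="$2"
    vpn_gw="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless clients may ask the firewall for a DHCP lease, nothing else
-A INPUT -i $wlan_if -p udp --sport 68 --dport 67 -j ACCEPT
# The only traffic forwarded from wireless: IKE, NAT-T and ESP to the gateway
-A FORWARD -i $wlan_if -d $vpn_gw -p udp --dport 500 -j ACCEPT
-A FORWARD -i $wlan_if -d $vpn_gw -p udp --dport 4500 -j ACCEPT
-A FORWARD -i $wlan_if -d $vpn_gw -p esp -j ACCEPT
# Everything else from wireless is logged and dropped: no LAN, no free ride
-A FORWARD -i $wlan_if -j LOG --log-prefix "wlan-drop: "
-A FORWARD -i $wlan_if -j DROP
# The wired LAN is forwarded as before
-A FORWARD -i $lan_if -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset read from stdin: succeed only if every FORWARD rule that
# ACCEPTs traffic arriving on the wireless interface is pinned to the gateway.
#   $1 = wireless interface, $2 = VPN gateway address
wlan_rules_are_vpn_only() {
    wlan_if="$1"
    vpn_gw="$2"
    ! grep -E "^-A FORWARD .*-i $wlan_if( |\$)" \
        | grep -e '-j ACCEPT' \
        | grep -qvF -e "-d $vpn_gw "
}

# When run with three arguments, print the ruleset for iptables-restore.
if [ "$#" -eq 3 ]; then
    wlan_vpn_only_rules "$@"
fi
```

The audit function is useful after later edits to the ruleset: a single added `-i <wireless> ... -j ACCEPT` rule without the gateway as destination makes it fail.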

Re:The end user doesn't want to deal with security (1)

lizrd (69275) | more than 13 years ago | (#318336)

how many do you think will opt for a 128 bit hex string, as opposed to an easy to remember dictionary word ?

How's about both? 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF DEADBEEFDEADBEEF. Is a hex string that is made up of easy to remember dictionary words, especially if you're British.
_____________

Re:dmz (2)

lizrd (69275) | more than 13 years ago | (#318337)

One thing that you may also want to consider is that you may wish for your wireless clients to be behind a firewall for one reason or another. In the case of most home users they probably need their firewall to assign non routable IPs via DHCP for all wireless connections. Thus, for the home user a DMZ of sorts would be an ideal solution. Naturally, your trust model for this DMZ would be different than for a DMZ that consists of webservers and such and would be on a different segment than the webserver DMZ.
_____________

Re:There are only three hop sequences (1)

ZoeSch (70624) | more than 13 years ago | (#318338)

Yup you're misreading... those are the Hopping Sequence seeds... you can actually adjust the hopping pattern as you like (I used to do it with TAL/RDC equipment for Wireless MAN deployments when a DSSS radio got in the way... the ISS band can be very busy sometimes :)

I agree with you, FHSS is harder to intercept but not impossible... so instead of whining about how insecure it is, use the means available to add security over insecure channels (IPSEC, PPTP, VPN software, etc).

WEP algorithm (5)

danielhsu (78479) | more than 13 years ago | (#318339)

An analysis of the WEP algorithm can be found here [berkeley.edu]. The document points out a lot of the flaws in the algorithm and what attacks it is vulnerable to.

nice to see (1)

jinak (78828) | more than 13 years ago | (#318340)

the use of the term "attacker" instead of "hacker".

Re:Gee... you think? (1)

Kishar (83244) | more than 13 years ago | (#318341)

Just so you know, the only security that FHSS has over DSSS is the frequency hopping, and its pattern. If you wish to gain access to an 802.11a network, you simply use an 802.11a radio to do it. Remember (or perhaps learn) that Frequency Hopping radios (at least, in 802.11a) broadcast their hopping pattern ... how else do you expect child radios to stay in sync?
I'm not sure about the capacity of 802.11a, first glance places it in 5-foo GHz, which would greatly increase bandwidth, if implemented correctly (but markedly reduces range). If you're talking about 2.4GHz FreqHopping, it's limited to 2Mbps total, which would give it about 1Mbps throughput.
--

Layer 2 (1)

Kishar (83244) | more than 13 years ago | (#318342)

Folks, I know that security and related foo are a juicy topic that /. loves to tear into, however, step back a moment and apply some grey matter.
Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic? How about that 802.3 hub that lets anyone who has an ethernet card and a long enough (within 100m of course) cable see all your data, unencrypted?! Notice anything yet? That's right, 802.11, just like 802.3 is just a layer 2 application. The highest level 802.* understands is MAC address. I, for one, am thankful that the folks who developed it went the extra mile to put a few controls ON THE RF SIDE of things to make it difficult for an attacker to enter a wireless network. However, the person who doesn't understand that 802.11 devices are either a) NICs or b) Bridges, is delusional, and needs to (re)take that Introduction To Networking class.

<rant>
Oh, yeah, and it has become very bothersome, personally, when someone mis-configures, or doesn't configure a device, and then complains about the failures and shortcomings that ensue, blaming the protocol/device/technology/product.
We didn't give the Netcraft "benchmarks" any credence, why should we pay attention to this crap?
</rant>
--

Re:Layer 2 (1)

Kishar (83244) | more than 13 years ago | (#318343)

No, it's not advertised as "secure", it's advertised as "as Private as a Wired LAN".
What you forget is that if someone had the time and money, they could intercept the signals travelling from your keyboard to the computer, the display buffer's signals to the monitor, the ethernet signal travelling down your UTP cable ...
The point is that to the average person, a *properly configured* wireless LAN, using WEP, is exactly as private as sitting on a hub.
--

Re:Gee... you think? (1)

torkar (89383) | more than 13 years ago | (#318344)

Wake up...

The performance of FHSS systems is lower than DSSS systems, typically 50% - 33% of DSSS systems. This is the greatest disadvantage of FHSS.

The only disadvantage of DSSS is that you can't point antennas at each other on the same channel or it will boost the SNR beyond belief. Strategically placed antennas will NOT have this problem. FHSS can deal with it better, however you still lose bandwidth.

Another disadvantage when using FHSS is the frequency problems. 79 in most parts of the world but then you have Japan and France(?) with what, 23?

And of course FHSS might be harder but it isn't hard to crack either. Ask any army boy you know that works in that branch.

/Richard

Re:"Your 802.11 Wireless Network has No Clothes" (1)

Lord Kestrel (91395) | more than 13 years ago | (#318345)

Not only do they give you the option, but it comes enabled by default. Both the AP340s I have had shared keys enabled by default.


---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+

Re:nice to see (1)

Lord Kestrel (91395) | more than 13 years ago | (#318346)

Get over it. Mainstream media has been saying hacker instead of cracker/attacker for too many years to change. In your own circles, you can say cracker, but the majority of the people out there will say hacker.
---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+

Re:Damn ivory tower papers (2)

frankie (91710) | more than 13 years ago | (#318347)

they had written plenty of code, guess what though they don't think it is necessary to make the code available to make the point.

Fine. I don't think the code should be released either. But they damn well ought to test it, see how long cracks take under various real world conditions, and publish the results. If it's under an hour, businesses should throw 802.11b out the window immediately. But if it takes a week of constant sniffing, personally I'd be more worried about black hats posing as janitors [google.com] or some such.

burden of proof lies on the IEEE group to prove that WEP is secure

Sure, I agree that WEP is weak. But all security is relative. Any prime-number-based encryption can be broken with sufficient cycles [distributed.net] . So tell me Mr Owl, how many licks [tootsie-roll.com] does it take to get to the center of 802.11b?

Damn ivory tower papers (5)

frankie (91710) | more than 13 years ago | (#318348)

So yet another academic has written up a mathematical proof of the flaws in 802.11. Hurrah. I see one small flaw in their reasoning -- not a single one of those papers includes a section where the author says "I personally sat down with my laptop outside a WEP-enabled office building and cracked the network in [foo] minutes/hours/days/whatever".

My BS is in Math, so I know for a fact that this old joke is often true: "Mathematicians don't need to be good at counting, we just care if it's countable [interaccess.com] ". Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is.

point to point encryption (4)

MattW (97290) | more than 13 years ago | (#318349)

Honestly, I've gotten to the point where I don't trust wires of any kind, let alone wireless. It's hard enough to trust the endpoints and the encryption between in a secure exchange, never mind trusting your ethernet. Maybe if the government wasn't all gung-ho about preventing nefarious criminals from getting encryption (as if the government opposing it would stop them), then the citizens would already have lightweight encryption capable of securing even a communications medium like this. But, hey, "law-abiding citizens don't need encryption", right?

Re:Gee... you think? (1)

c o r e (102785) | more than 13 years ago | (#318350)

It is fallacious to argue against stronger security in one area because security in another may be weaker. Then, you simply end up with "lowest common denominator" security, which is usually not much security at all.

I don't buy the argument that WEP and 802.11b were supposed to be no more secure than your wired LAN. They are, in fact, much _less_ secure because your network is not bounded by physical means anymore. Someone with a high gain antenna can "plug in" to your lan from a few kilometers away and you wouldn't be the wiser. You'd probably notice a 2km cat5 cable running into the hills away from your building.

I ask you this, if the FHSS or DSSS were meant to provide security (and not the S/N increase, etc. originally intended), why do you need WEP at all? WEP was introduced with 802.11a (which uses your beloved SS system) and lives on in 802.11b.

My read of the 802.11x specs shows no mention of FHSS or DSSS to provide security. The sequence is not meant to be secret! Read the paper and see that associate/disassociate messages are all sent in the clear (and all devices can communicate with APs regardless of FHSS/DSSS because that facilitates interoperability). Also, an attacker could steal a WLAN card and all security of your FHSS/DSSS is gone with the card or laptop (assuming you had a secret sequence to provide security in the first place, which you don't).

-core

Re:Damn ivory tower papers (1)

c o r e (102785) | more than 13 years ago | (#318351)

This attitude of "it's secure until you show me a tool that can break it" is preposterous. I agree that many academic papers show theoretical flaws in systems that are generally not practical. However, these are _practical_ flaws. If you base security decisions on whether there is a tool to exploit a practical flaw, you're looking to get 0wn3d. Would you not drive a car with faulty gas tanks just because nobody has reported any problems with them?

-core

Perspective (2)

jamesl (106902) | more than 13 years ago | (#318352)

Let's spend just a minute thinking about how important this really is. When Bobby Java is sitting in Starbucks, using their wireless connection, what is he likely to be doing? Deleting the 12 e-mails he got last night offering him a low rate mortgage and greater sexual prowess? Browsing the New York Times? /.? Making a lunch date or dinner reservations? Reading Doonesbury? I'm sure there will be eight or 10 people cruising the streets of Seattle trying to pick that important information out of the air.

My US Mail is left every day in a box, on a pole, by the curb, next to the street. No lock. No encryption. I can't remember worrying about someone getting in and stealing my weekly discount shopper coupons or my bank statement or my VISA bill.

Come to think of it ......

Re:Technology (1)

demaria (122790) | more than 13 years ago | (#318353)

Well don't forget that Ethernet broadcasts to everyone on the segment. Which is why it was so easy to sniff people's passwords, email, instant messages, whatever.

Email originally was viewable by everyone, completely open on the system.

Re:Layer 2 (2)

SuiteSisterMary (123932) | more than 13 years ago | (#318354)

You don't 'control the wire' unless they're both fully tempest shielded and contained in an airtight pipe pressurized with inert gas.

Re:Gee... you think? (1)

MrScience (126570) | more than 13 years ago | (#318355)

If you need to protect yourself from people with these kinds of resources, don't do wireless in the first place. Of course, with gizmos like Tempest, you don't stand a chance of keeping stuff secret anyway.

Re:Gee... you think? (2)

danderson (157560) | more than 13 years ago | (#318356)

much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard

Um... no. 802.11 defined the basic standard as well as Direct Sequence Spread Spectrum and Frequency Hopping Spread Spectrum. 802.11a defines the protocol for up to 54Mbps. 802.11b expands the 802.11 standard and includes things such as defining how clients that can support different speeds can all connect to the same access point.

Re:No Free Reg Required. (1)

dr.g (158917) | more than 13 years ago | (#318357)

Well I'll be damned. And this http://channel.nytimes.com/
gives you a directory back to 1919...

Thanks.

Re:WEP algorithm (1)

Bingo Foo (179380) | more than 13 years ago | (#318358)

More info on WEP can be found here [microsoft.com] .

---

Re:Technology (1)

ickyfreak (181280) | more than 13 years ago | (#318359)

> *sigh* How far away is 1984 again? :)

m$ passport anyone?

Software layer as a solution (1)

ModelX (182441) | more than 13 years ago | (#318360)

Get over it folx, the government is never going to approve sales of a wireless product with an unbeatable encryption and without a backdoor.

There is a possible solution: use software with encryption. There are point to point tunneling solutions with encryption and more... Hey, there's money to be made in encrypted wireless networks/intranets. Don't complain, start coding today.

This security issue is unrelated to Airwave (1)

leighklotz (192300) | more than 13 years ago | (#318361)

Airwave [airwave.com] uses unencrypted traffic, not WEP. As a previous poster noted, WEP requires a shared secret among users. There would not be much point to sharing a secret with your fellow coffee drinkers if your purpose is to keep them from reading your Business Plan.

As you point out in #1, it's not secure once it leaves the cafe anyway. If you are concerned, use ssh or https or encryption in email for your business plan anyway.

And get a pair of those glasses with mirrors on the front so you can make sure nobody is looking at your laptop screen either!

And to bring everything but the CueCat [slashdot.org] into this, I got mail from Airwave saying that their DSL in the local cafe here used NorthPoint [northpoint.net] .

Re:Gee... you think? (1)

leighklotz (192300) | more than 13 years ago | (#318362)

He probably means plain 802.11 without the b.

government has no authority (2)

sulli (195030) | more than 13 years ago | (#318363)

I could duct tape an IPSec security gateway (e.g. Nortel) to an AirPort and have a solution for secure, point-to-point wireless connectivity. The government couldn't stop me from selling that - and they won't stop router makers from adding 802.11 to secure vpn products. Haven't for years.

Re:point to point encryption (1)

bayduv1n (196505) | more than 13 years ago | (#318364)

Don't put too much faith in digital signatures' ability to identify the human user of a computer. Basically all a signature does is guarantee that the user had access to the signature, not that they are the legitimate owner of that signature. In a court of law, the signer can still repudiate said traffic.

Like we're worried about hacking... (1)

QwkHyenA (207573) | more than 13 years ago | (#318365)

From what I've heard here on /.

We don't need to worry about security on these wireless devices! Most of the ones that are setup have full blown access to anyone passing by due to a lack of FULL configuration!

Tom says, "No! Stop! it's working... I'm on the net! And I can see the fileserver. Don't mess with it!"

mod this up (1)

khufure (214732) | more than 13 years ago | (#318366)

mod this up

Signature != Encryption (1)

Jonathan Byron (215397) | more than 13 years ago | (#318367)

Sure, they use some of the same algorithms. But they are nnnnot thhe saym.

Re:Damn ivory tower papers (1)

n7lyg (219105) | more than 13 years ago | (#318368)

You obviously did not even bother to read the referenced article. The non-WEP attacks are so trivial as to not require any programming to accomplish (snoop from the parking lot and change the MAC address of your interface being the most trivial attack). Only the WEP attacks require computation, and even those are so trivial as to be not worth coding up except to fuel the script kiddies.

It would really help if people would actually read the links before posting.

Well... (4)

Daath (225404) | more than 13 years ago | (#318369)

Seeing how security over normal wires is very hard to implement, it's really no surprise that wireless devices are more vulnerable...
I guess the only way to make something like that secure to a satisfactory degree (right now), would be to build a radio-dead building with radio-dead windows, so that only wireless devices within the building can connect... That'd bring security up to current level of wired devices... Which means that you would have to have physical access to the LAN...
Building something like that has a few advantages for the paranoid, it would also block electronic emanations [www.hot.ee] . I think buildings like that are referred to as TEMPEST buildings...
/. has a few articles that touch these subjects. Shielded PC casings [slashdot.org] . Some TEMPEST docs released [slashdot.org] . More docs revealed [slashdot.org] . Scan the EMF spectrum [slashdot.org] . This is the same docs as above I think [slashdot.org] .

Earlier work (2)

srichman (231122) | more than 13 years ago | (#318370)

Dave Wagner at Berkeley published info about weaknesses in 802.11 [berkeley.edu] several months earlier.

HardEncrypt (1)

rice_burners_suck (243660) | more than 13 years ago | (#318371)

Unbreakable encryption is possible: the key must be the same size as the data. See http://www.bebits.com/app/1100 [bebits.com] ... Source included.

Re:Wi-Fi, Lies, and Propaganda (1)

otaku42 (244091) | more than 13 years ago | (#318372)

Hi.

Intel sponsored the study because a year ago Intel was full-blown behind Bluetooth. Bluetooth has since died a nasty death, and Intel has changed courses to embrace Wireless Ethernet.

Bluetooth died? I must have missed that one... Bluetooth never really lived so far, at least it did not live as a grown-up, just as a kid that is in the kindergarten-age. But Bluetooth currently grows up really fast (with the problems involved by fast growth...).
Intel never left the Bluetooth-path, but they turned over from HomeRF to IEEE802.11b. Maybe you mixed this up with bluetooth.

As for security concerns, most products on the market today conform to Wi-Fi which is a more highly secure (and compatible) variant of the original 802.11b specification.

Sorry, but this is wrong. WiFi is a consortium that does some tests to ensure that the theoretical interoperability achieved with the IEEE 802.11b is true in real life with the tested equipment. It is in no way a better or somehow changed version of the 802.11b standard, so the WiFi-Logo does in no way tell anything about better security!

cu, otaku

Waiting isn't going to solve anything (1)

sacremon (244448) | more than 13 years ago | (#318373)

Sure, you can wait and try to implement something stronger into the standard. When that happens, it's going to be hacked anyway. It's the same issue that the music industry is grappling with in developing SDMI - You can't make something unhackable if you expect an arbitrary number of people to be able to use it, and in a timely fashion. MAC addresses can be spoofed, encryption broken, watermarks removed, whatever.

The best thing to do is put it out there with the appropriate caveats, and work to secure it as best you can as you go along. If you are waiting until it is bulletproof, you'll never release it.

Re:point to point encryption (5)

Gruneun (261463) | more than 13 years ago | (#318374)

Honestly, I've gotten to the point where I don't trust wires of any kind

Agreed, but encryption will never be absolutely secure, despite what a government does or does not do. The key is to know who's interested in your data and plan accordingly. The level of encryption only needs to be stronger than what someone else is willing to attempt breaking.

A prospective victim in a police station isn't absolutely safe, but it's much more likely that they'll be left alone there by someone only interested in lifting their wallet. The mob snitch is a different story.

Re:Damn ivory tower papers (1)

espo812 (261758) | more than 13 years ago | (#318375)

I don't think the code should be released either.
A theoretical attack is pretty useless when persuading businesses.
If it's under an hour, businesses should throw 802.11b out the window immediately.
They aren't going to do this unless they fear people will actually attack it. One of the ways to prove people can and will actually attack it is with open exploit code. Then the companies can't claim it's only theoretical and there is a verifiable method to prove it's exploitable.

espo
--

Re:Damn ivory tower papers (2)

Zeinfeld (263942) | more than 13 years ago | (#318376)

Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is

So do you have to wait for the first satellite to orbit it to believe that there is another side to the moon?

Actually when I spoke to Ian Goldberg about this they had written plenty of code, guess what though they don't think it is necessary to make the code available to make the point. The only reason to have the code would be to do something malicious with it.

But that is irrelevant, the demand for absolute proof is ridiculous, the burden of proof lies on the IEEE group to prove that WEP is secure. Most of us would prefer to know well in advance of a system being broken that it is vulnerable. Measuring the degree of security even if it cannot be broken is still an important thing to do.

As for actually reifying the break as code, I don't have to see that done to have it proved to me. I know how RC4 works, I know how WEP performs keying. I can calculate that someone can break the scheme with a few weeks of effort and a moderately fast machine.

Lucent et al. are charging premium prices for 128 bit encryption; what they are delivering is only worth 24 bits. That is misleading advertising at the very least - particularly since they knew about the flaw for over a year.

Wireless Equivalent Privacy (2)

Zeinfeld (263942) | more than 13 years ago | (#318377)

There are two problems with WEP, first the implementation of the protocol is flawed, second the risk model of the protocol is entirely wrong. Unfortunately the WEP group show very little interest in remediation.

The basic protocol flaw is that a stream cipher is used with an insufficiently large initialization vector. If a block cipher had been specified the protocol would actually be reasonably secure. The reason a stream cipher is problematic is that the ciphertext consists of the plaintext xored with the cipher stream. This makes all sorts of integrity attacks possible and means that the security of the system depends on the initialization vectors never being re-used.

The more serious flaw is the belief that the difference between a wireless network and a wired one is that the network is no longer protected by physical security measures. Ethernet may be insecure, but in most cases access to an ethernet requires physical access to the building in question. With a wireless card a sacked employee can be surfing the intranet from the car park.

The most serious security risk of wireless then is the lack of authentication, in an ethernet network there is an implicit authentication that is obtained by having got through the front door. WEP makes no attempt to duplicate this, nor do the remediated versions of WEP. All the 802.11b users in a network share the same access key.

There are plenty of ways to make this secure, unfortunately that is not on the agenda. Patching up the privacy so as to make the cards sellable is all that is likely to happen in the short run. Bodge 'em and flog 'em. The purpose of WEP is not to give users security it is to overcome the customer's legitimate security concerns so as to make a sale.

The obvious security solution is to bind a private key into each card, just as is happening with newer cable modems. The public key certificate fingerprint for the card is printed on the case. To enable a new card for access to the network the admin adds the fingerprint to the 'authorized users' list.

Sure there are some remaining risks - extracting the private key from the device for e.g. but it is unlikely to be possible to extract a private key without the authorized device holder knowing (particularly if we all read Paul Kocher's articles on timing and power analysis attacks).

In summary, the WEP protocol should be discontinued in its present form. Early deployers would be well advised to ignore the layer 2 security on the card and wrap VPN security around it, such as IPSEC or PPTP etc. That gives security but the crypto processing is now being done on the processor and not on the 802.11b co-processor where it belongs.

The other piece missing from 802.11b deployments is that at the moment security is a binary switch. I would quite like visitors to the company to have Internet access from our conference rooms but not Intranet access. It should be possible to configure the base station to allow any PC to connect to the outside Internet without requiring an authentication key while requiring an authentication key for access to the local area network. Same goes in a large enterprise where employees from another division may be allowed access to the Internet (and their own LAN) but not the division they are visiting.

Re:Wireless Equivalent Privacy (2)

Zeinfeld (263942) | more than 13 years ago | (#318378)

Ooops, what I meant to say was

The more serious flaw is the belief that the difference between a wireless network and a wired one is the lack of privacy. In fact the most important difference is the fact that the network is no longer protected by physical security measures

Re:Software layer as a solution (2)

Zeinfeld (263942) | more than 13 years ago | (#318379)

There is a possible solution: use software with encryption.

WEP is encryption, the problem is that it is bad encryption. They used a stream cipher in a way that a stream cipher does not provide security.
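An added example (not part of any poster's comment, and not code from the paper) for the two Zeinfeld comments above on WEP's use of a stream cipher with a small IV: it shows that a repeated IV exposes the XOR of two plaintexts, that the unkeyed CRC-32 check still passes after a ciphertext change while a keyed MAC rejects it, and how quickly a 24-bit IV repeats. The key, IV, payloads and the simplified framing (no 802.11 header or key ID byte, uniformly random IV selection) are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib
from math import exp

# Constructed sample values (not from the thread): 40-bit secret, 24-bit IV.
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """RC4 keyed with IV||secret, applied to payload || CRC-32 (the ICV)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(body, rc4(iv + secret, len(body)))


def wep_open(iv: bytes, secret: bytes, frame: bytes):
    """Decrypt and report whether the unkeyed CRC-32 check passes."""
    body = xor(frame, rc4(iv + secret, len(frame)))
    payload, icv = body[:-4], body[-4:]
    return payload, zlib.crc32(payload).to_bytes(4, "little") == icv


def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Same IV twice: the keystream cancels, leaving p1 XOR p2 (no key used)."""
    c1 = wep_seal(IV, SECRET, p1)
    c2 = wep_seal(IV, SECRET, p2)
    return xor(c1, c2)[:len(p1)]


def crc_accepts_modified(payload: bytes, delta: bytes):
    """CRC-32 is linear over XOR, so the ICV can be adjusted without the key."""
    frame = wep_seal(IV, SECRET, payload)
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    changed = xor(frame, delta + icv_delta.to_bytes(4, "little"))
    return wep_open(IV, SECRET, changed)


def hmac_accepts_modified(payload: bytes, delta: bytes,
                          mac_key: bytes = b"constructed-mac-key") -> bool:
    """The same change checked against a keyed tag over IV || ciphertext."""
    frame = wep_seal(IV, SECRET, payload)
    tag = hmac.new(mac_key, IV + frame, hashlib.sha256).digest()
    changed = xor(frame, delta + bytes(4))
    check = hmac.new(mac_key, IV + changed, hashlib.sha256).digest()
    return hmac.compare_digest(tag, check)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday estimate, assuming IVs are chosen uniformly at random."""
    return 1.0 - exp(-frames * (frames - 1) / 2.0 ** (iv_bits + 1))


if __name__ == "__main__":
    a, b = b"GET /index.html", b"user=alice&pw=x"    # constructed payloads
    print("c1^c2 == p1^p2:", reuse_leak(a, b) == xor(a, b))
    delta = xor(b"mode=A", b"mode=B")
    print("CRC check after change:", crc_accepts_modified(b"mode=A", delta))
    print("HMAC check after change:", hmac_accepts_modified(b"mode=A", delta))
    for n in (1000, 5000, 20000):
        print(n, "frames -> P(IV repeat) =", round(iv_collision_probability(n), 3))
```
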

Re:Layer 2 (2)

markmoss (301064) | more than 13 years ago | (#318380)

Do remember that if someone is willing to spend big $$$ on it, they can pick up everything passing through those twisted pairs from an antenna across the street. The CIA has done much tougher interception jobs. I think few, if any, industrial spies would have the capability now, but that sort of equipment will benefit from Moore's law also. So some day you are either going to have to encrypt everything, or run fiber to the NIC...

But wireless has an extra layer of insecurity -- not only can you spy on it easily, but you can also inject false data.

Re:The end user doesn't want to deal with security (2)

markmoss (301064) | more than 13 years ago | (#318381)

True, true... For an analogy from a slightly different field: some professional car thieves can create a key to fit your car and drive away in 60 seconds, but most stolen cars had the keys left in them...

Some things (2)

blair1q (305137) | more than 13 years ago | (#318382)

1. Who ever told you the Internet was secure? Whoever it was, is, as we say, a lamer.

2. I ran into the Airwave guys in front of Fry's Palo Alto store a couple of weeks ago, and snarfed some of their lit. Their idea is cute, but they have a major chicken-and-egg problem: they need to either sell access to users before locale proprietors will sign up en masse, or they need to sell locale installations before the users will sign up en masse. And 90% of their 100 or so hits so far are coffee shops. Who spends more than ten minutes in a coffee shop, and are enough of those droids interested in wireless connectivity that you'll make any money at $1.99/use or $9.99/mo? And now their tech is compromised, so you can't even trust you're not giving away your Next Great Mobile SKU Database Platformation Business Model plan to the Latte Mafia when you're WEPping it to your bankroid. Tsk, tsk.

--Blair
"There's a joke here about ALL YOUR BW ARE BELONG TO US but I'm feeling too conservative to use it, today."

Re:Gee... you think? (1)

eggboard (315140) | more than 13 years ago | (#318383)

HomeRF had the FCC approve a change to its implementation of FH in 2.4 GHz which boosts it to 10 Mbps in its 2.0 version, and up to 22 Mbps in a not-yet-released 3.0 spec. The HomeRF group claims to be ready to ship by summer a variety of devices. The 5 GHz range will be dominated by 802.11a. I don't know whether it's FH or DS, but FH doesn't make sense given the DS involvement in 802.11b. "a" should operate above 50 Mbps according to manufacturers. Expect delivery of equipment later this year or early next year. They will make access points with both 2.4 GHz ("b") and 5 GHz ("a") chipsets and antennas to handle transition from b to a, especially in enterprises. Here's the 802.11 (wireless LAN) IEEE workgroups site: http://www.ieee802.org/11/index.html and an excellent summary http://www.eetimes.com/story/OEG20001002S0048

Re:Wi-Fi, Lies, and Propaganda (1)

eggboard (315140) | more than 13 years ago | (#318384)

"Intel sponsored the study because a year ago Intel was full-blown behind Bluetooth. Bluetooth has since died a nasty death, and Intel has changed courses to embrace Wireless Ethernet."

This is horribly misinformed. Bluetooth hasn't died; it hasn't really shipped. It will, almost certainly. Intel didn't drop Bluetooth; it dropped HomeRF, a competing high-speed networking standard. Bluetooth's purpose is wholly different - mostly for very low-power synchronization and info exchange, like synching a Palm with a laptop, loading phone numbers into a cell phone, etc.

We'll see if Bluetooth lives up to it. But Intel is pouring lots of cash into the hole, as are several other major chipset makers and many many hundreds of manufacturers. As with cell phones that browse the Web, the design will determine whether it's really useful and consumers (business and home) actually want it.

But it's coming. 802.11b and Bluetooth won't be competing; they'll be complementary, because 802.11b, for the foreseeable future, takes up too much power, and won't be cheap enough ($20 vs. $5 ultimately) per chipset to integrate into the simple devices that will use it.

Re:Some things (2)

eggboard (315140) | more than 13 years ago | (#318385)

Actually, Airwave is one of dozens of companies, including MobileStar, WayPort, Surf and Sip, etc. All of them have networks of varying size. Most of the major airports in the US should be wired by year's end. Or, rather, unwired.

In Sweden, Telia has put WiFi in quite a few locations, and is about to expand in partnership with SAS to a number of European outlets, and a couple in the US - all SAS waiting lounges.

The deployment is underway; the real problem is roaming agreements, so you pay a single monthly fee and can access all networks. There are some problems with that, of course, because of the nature of access points and access lists. Too long to go into here.

I wrote about this at length back on Feb. 22. Here's the NY Times link (no reg required link): http://www.nytimes.com/2001/02/22/technology/22WIRE.html?pagewanted=all

no (1)

b0iler (316609) | more than 13 years ago | (#318386)

ffs, read /. more ;) there have been a few articles on WEP insecurities now. ieee has gotten a lot of flack for their new release of this (802.11) standard.

dmz (1)

petong (320755) | more than 13 years ago | (#318387)

just set up your wireless network in a dmz. What's the big deal?

Wireless is not really the point (1)

slashdot.org (321932) | more than 13 years ago | (#318388)

How secure are cables really? In a lot of cases its fairly easy to get access to cables (I think of the DSL connection running through my outdoor telephone closet, for example).

In office buildings it's often even easier.

The real solution is to use encryption at a higher (lower?) level: IPSec or so. I don't know why this is not becoming a common practice yet, but I suspect the difficulty of software setup is one of them.

When I complained to some (fairly intelligent) friends about the security of wireless LAN, and how I didn't trust it because the MAC addresses are always plaintext, they replied that if there were security issues, surely big companies like Lucent would have fixed it by now, right?

Kind of shows the average attitude towards security. Most people just don't give a shit.

Re:dmz (1)

gd23ka (324741) | more than 13 years ago | (#318389)

The big deal being that a DMZ is already a trusted area on the network. I guess if your organization is hooked up to the internet and you allow access to (sensitive) applications by encrypted VPN you could sandwich the access point between a firewall to the internet and a firewall to a DMZ. Treat AP traffic like you would treat traffic coming from the internet.

net ----|Internet FW|--|Wireless AP|--|DMZ FW|--

If you want to provide free access to the internet to the masses the fw on the internet side is optional of course :-).

Jeez, This Is Bad. (1)

journalistguy (398433) | more than 13 years ago | (#318390)

I'm going to run out to Frys right now and find a serial cable that will connect my Orinoco card to my Airport.

You don't even know what a URL is (1)

cybork_monkey (414491) | more than 13 years ago | (#318391)

It's the thing you click [earthlink.net] on that's supposed to GO SOMEWHERE.

BTW, YHBT HAND ;)

802.11 makes it easy (1)

pshipley (414960) | more than 13 years ago | (#318392)

with the right hardware you can drive at 25Mph and locate and associate 3 to 5 networks every block.

From a high building with line of sight and a directional antenna it is not hard to connect to a LAN several miles away.

Nothing new, not a comprehensive view either (1)

Psifon (414994) | more than 13 years ago | (#318393)

WEP shared key authentication has been known to be weak for a long time. Most products use open authentication which is better. In this case they need the same WEP key and SSID to talk, but it's not used in the initial negotiation. You can also turn the broadcast of the SSID off.

Products like Cisco's Aironet have implemented additional security enhancements, such as dynamic WEP keys using LEAP, which reduces the risk dramatically.

Wireless still isn't overly secure, but if used with all the available security measures can be a mitigatable risk. Then there is minimising RF leakage....