Ok, I wont argue with you on those points because they're all correct :-) but for most instances I think a setup like that would assure most everyone wont be getting in. If someone wants in bad enough, they'll do it no matter what they have to try and do...Personally I think dumpster diving and finding a user's password scribbled on a sticky note is going to be easier and less time consuming than trying to get through the ACL, WEP and VPN. If you're still that worried about traffic going over an 802.11x network that you still feel that this setup is insecure, the question then becomes should you even be running any wireless at all?
Chisholm Wildermuth Systems Engineer dbWebNet, Inc. --------------------------------------------------------------------------- The opinions expressed here are my own and do not necessarily reflect those of my employer. -----Original Message----- From: Bennett Todd [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 10:58 AM To: Chisholm Wildermuth Cc: [EMAIL PROTECTED] Subject: Re: Wireless Technology (can it be secured and how) On Fri, May 10, 2002 at 09:48:05AM -0700, Chisholm Wildermuth wrote: > We have circumvented the flaws in wireless security by this process: > [ MAC addr ACLs, cloaked ESSID, WEP, VPN ] Of those measures, the VPN is the one on which your security hangs. - MAC addrs are broadcast in the clear; someone with a sniffer can pull them from the air. And setting the MAC addr your card uses is as easy as invoking ifconfig, at least on Linux. - ESSID cloaking doesn't prevent the ESSID from being broadcast in the clear in legitimate traffic from clients, it just keeps the base stations from inviting normal clients to join the party. Sniffing software like Kismet can pull the ESSID out of normal traffic. - WEP is flawed; Kismet can save seen WEP packets in an archive designed to let you run Airsnort to crack the WEP key. Takes minutes to hours, depending on traffic levels, but once it's done WEP is defeated, and since there's no convenient automatic re-keying system it's a big hassle to change your keys. Make sure you trust your VPN implementation, since off-the-shelf, easy-to-use tools will tear right through every other measure you have. That is the nature of wireless today. In my opinion, it's also the nature of wireless for the forseeable future; I don't know of any efforts to launch a sound design process for a replacement to WEP. I'd recommend you treat your wireless LAN as a wholly untrusted network, and use a tool like nmap to do detailed port scans of every machine, both server and client, connected to it. Attackers will be able to do the same. -Bennett
