Re: generalized (was: Re: wifi security

["J. Bilder" <electro () bildz dyndns org>]

Cisco LEAP is a good way of adding security to your wireless network.  You
can integrate with your Windows 2000 Domain and require users to log in
before even getting a wireless connection.  This would also issue them a
per-session WEP key that is random and rotates.  Even if a user were to
sniff out the WEP key, its only session based and there are multiple WEP
keys they'd have to sift through [not to mention decoding all sorts of radio
traffic]



----- Original Message ----- 
From: "Meritt James" <meritt_james () bah com>
To: <simon () snosoft com>
Cc: "D'Amato Luigi" <admin () securitywireless info>; <lists () kentane net>;
<security-basics () lists securityfocus com>
Sent: Wednesday, August 27, 2003 11:10 AM
Subject: generalized (was: Re: wifi security


> I advocate that approach, not only with wifi but suitably modified to
> ALL media!  It is very difficult to hack into a system or network and
> get information which is not there.
>
> Jim
>
> -SIMON- wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Actually,
> >         What I would suggest for wireless security is simply not sending
your
> > sensitive data out over the air.  Encrypted or not, you are still
> > sending it out for everyone and anyone to snag. If you are relying on
> > the encryption for good security, well, you are simply assuming that no
> > one else has the key, or a way to crack it.
> >
> > Sensitive data == copper.
> > other can == air.
> >
> > D'Amato Luigi wrote:
> > > try
> > > www.securitywireless.info
> --------------------------------------------------------------------------
-
> >
> --------------------------------------------------------------------------
--
> > >
> >
> > - --
> >
> > - -simon-
> >         http://www.snosoft.com
> >         Tibetan "Book of the Dead," ca. 4000 BC.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.1 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQE/S7W8f3Elv1PhzXgRAjCmAJ9+azc5YkhbGsK4aD747k2tvVAdgwCgi3zr
> > GExD5j5nKjrulQ0KA0ivToI=
> > =gIuf
> > -----END PGP SIGNATURE-----
>
> --------------------------------------------------------------------------
-
> > Attend Black Hat Briefings & Training Federal, September 29-30
(Training),
> > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> > technical IT security event.  Modeled after the famous Black Hat event
in
> > Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> > Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
> --------------------------------------------------------------------------
--
> -- 
> James W. Meritt CISSP, CISA
> Booz | Allen | Hamilton
> phone: (410) 684-6566
>
> --------------------------------------------------------------------------
-
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------