Security Basics mailing list archives
RE: Wireless LAN Security for Warehouse
From: "Rusty Chiles" <rustychiles () cox net>
Date: Fri, 7 May 2004 01:14:18 -0700
Whatever you do, DO NOT use LEAP. LEAP uses a slightly modified MSCHAP to authenticate users. We all know how easy it is to do a dictionary attack on MSCHAP. Read here for more info: http://seclists.org/lists/bugtraq/2003/Oct/0052.html or here: http://asleap.sourceforge.net/

I'd go with an 802.1x implementation that uses PKI. PEAP is solid. EAP-TLS is solid. I've yet to see the upcoming EAP-FAST, which is supposed to be Cisco's replacement for LEAP, but it may also be an option.

I'm a fan of PEAP... so I'll rant about it a little bit. For example, with PEAP we have (WEP) on the outside... note that newer WEP implementations do not create weak IVs that are typically used to crack WEP. The key must be brute-forced (a 128-bit WEP key with 26 hexadecimal digits that is not based on a dictionary-word passphrase may prove very difficult to crack). Now, within WEP we have PKI, which is tried and true (the certificate)... So if they break WEP, now they're trying to crack the TLS tunnel, which is based on a digital certificate. Within that we have password authentication. The exchange happens within the TLS tunnel, which happens inside of WEP. Getting the password hash here is going to be a problem for a would-be attacker. Lastly we have access control on a RADIUS server.

In addition you could add MAC filtering if you wanted to, even though it doesn't really offer much security, as a smart attacker can see the MAC and easily spoof it. Adding additional layers like IPSEC or VPN can add to the security as well, but it increases complexity, which isn't always warranted. With an implementation like the one above, I wouldn't want to take the performance hit unless the data is REALLY that important.

thanks,
Rusty

Wireless Security, Geekery, Wardriving, Wifi Maps of Phoenix & More.
http://www.crackrock.org

-----Original Message-----
From: Paul Duffany [mailto:paul.duffany () sanmina-sci com]
Sent: Tuesday, May 04, 2004 9:43 AM
To: 'Jennifer Fountain'; security-basics () lists securityfocus com
Subject: RE: Wireless LAN Security for Warehouse
Sensitivity: Private

I would suggest Cisco LEAP as it is still the safest that I know of.

Thanks
Paul Duffany
Network Engineer
John 3:16
1st Corinthians 13

********** Notice **********
This electronic mail transmission may contain confidential or privileged information. If you believe you have received the message in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.

-----Original Message-----
From: Jennifer Fountain [mailto:jfountain () rbinc com]
Sent: Monday, May 03, 2004 1:56 PM
To: security-basics () lists securityfocus com
Subject: Wireless LAN Security for Warehouse
Sensitivity: Private

My company is looking into wireless technology for our warehouse to replace our RF devices. I have been tasked to research which technology we should use. Right now, we are looking into Symbol. They seem to have a good infrastructure. What is your opinion on their product's security? Can anyone recommend any other wireless products or recommend certain security requirements that I should look for in these devices?

Thanks for any help!

Kind Regards,
Jennifer Fountain

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.
Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
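
A defensive check in the spirit of the advice in this message, as an added example that is not part of the original thread: it audits a client configuration for networks that still use LEAP, or that use a certificate-based EAP method with no CA certificate to validate the server. It assumes the clients run wpa_supplicant; the sample configuration, SSIDs and file path are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs and the CA path are made up.
SAMPLE_CONF = '''
network={
    ssid="warehouse-leap"
    key_mgmt=IEEE8021X
    eap=LEAP
}
network={
    ssid="warehouse-peap-nocert"
    key_mgmt=IEEE8021X
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="warehouse-peap"
    key_mgmt=IEEE8021X
    eap=PEAP
    ca_cert="/etc/certs/ca.pem"
    phase2="auth=MSCHAPV2"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit(text):
    """Map each SSID to a list of findings (an empty list means none)."""
    report = {}
    for net in parse_networks(text):
        methods = set(net.get("eap", "").upper().split())
        issues = []
        if "LEAP" in methods:
            issues.append("LEAP enabled: MS-CHAP exchange open to dictionary attack")
        if methods & {"PEAP", "TLS", "TTLS"} and not net.keys() & {"ca_cert", "ca_path"}:
            issues.append("no ca_cert/ca_path: server certificate is not validated")
        report[net.get("ssid", "?")] = issues
    return report
```

Calling `audit(SAMPLE_CONF)` returns findings for the first two networks and an empty list for the third.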