Firewall Wizards mailing list archives

RE: Wireless


From: Paul Robertson <proberts () patriot net>
Date: Fri, 9 Aug 2002 15:17:16 -0400 (EDT)

On Fri, 9 Aug 2002, Carl Friedberg wrote:

Paul,

An easy starting point (very easy to use, and very low cost) is to buy
an Orinoco Gold card, put it in a laptop, and get netstumbler
(www.netstumbler.org).

Actually, I've got two Lucent Gold cards, I just think my wireless credit 
limit is about to be used up in enterprise environments ;)

If you can afford it, go with Cisco. They have some excellent white
papers (as usual) describing the Cisco add-ons which will make it much
harder to get rogue APs and/or PC Cards connecting to your network.
They use techniques like rekeying with every packet, etc. Cisco is
working on various techniques which integrate this to an enterprise,
including RADIUS, etc.

Right, but that doesn't help with the rogue connection issue- which is to 
me the larger risk (it's pretty easy to get someone to do sanctioned 
wireless correctly- it's much more difficult to stop unsanctioned 
activity.)

Some noteworthy points about WiFi:

This is a good and useful list, so I'll just annotate it a bit...


(1) all forms of WEP have been cracked; and the software to do that is
easily available;

Counterpoint: That doesn't mean you shouldn't enable it.

(2) WiFi is radio, so 802.11a has higher bandwidth and shorter range
than 802.11b. 802.11b can/will interfere with other devices on the same
frequency band, such as newer portable phones, some microwaves, and
potentially (though they deny it) Bluetooth.

I thought I saw something on /. last month about lightbulbs that could 
cause problems in a pretty large area (I tend to worry more about 
signal-based DoS attacks than most.)

(3) WiFi uses half duplex, so it is a shared collision domain, just like
the old days of 10 Mbps and hubs. The more users on an AP, the less
bandwidth each can get.

(4) Any allowed access points should be on their own subnet, and in
their own security domain.

(5) Most illicit installations have "out of the box" settings, typically
the password, IP settings, and lack of encryption. That makes it easy to
take control of the rogue AP and potentially completely disable it
(i.e., change admin password and IP range, disable wireless, disable
DHCP, etc).

In a metro area though, that AP may not be "yours," making such things not 
the best thing to disable.  Think 1/2 a floor in Manhattan for "wireless 
nightmare scenario."

(6) WiFi is radio. You could get fancy and try to triangulate to find
out where it is, but that is getting more expensive.

I'm not sure it's all that expensive- I just don't know how practical it 
is in an environment where there is heavy legitimate usage.

Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
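
Added example (not part of the original message or of any tool named in it): a triage pass over wireless survey results that separates sanctioned APs, unsanctioned APs attached to your own wire, and neighbors' APs, and flags "out of the box" settings as in point (5). The inventory, the wired MAC table, the survey rows, the default-SSID list and the adjacent-MAC heuristic are all assumptions constructed for illustration.

```python
# Added example: triage a wireless survey against an AP inventory and the
# MAC addresses seen on our own switch ports. All data here is constructed.
SANCTIONED = {"00:02:2d:aa:10:01"}        # approved AP BSSIDs (hypothetical inventory)
WIRED_MACS = {"00:06:25:3c:9f:40"}        # MACs learned on our switches (hypothetical)
DEFAULT_SSIDS = {"linksys", "default", "tsunami", "netgear"}  # sample out-of-box SSIDs

SURVEY = [  # (bssid, ssid, encrypted) rows, as a survey tool might export them
    ("00:02:2d:aa:10:01", "corp-wlan", True),
    ("00:06:25:3c:9f:41", "linksys", False),
    ("00:40:96:12:34:56", "tsunami", False),
    ("00:30:ab:0b:77:10", "cafe-upstairs", True),
]

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def on_our_wire(bssid, wired_macs, slack=1):
    """Assumed heuristic: an AP's radio BSSID is often within +/-slack of
    the MAC of its wired port, so a near match suggests it is plugged into us."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= slack for m in wired_macs)

def triage(survey, sanctioned, wired_macs):
    """Return {bssid: (verdict, out_of_box)} for each surveyed AP."""
    results = {}
    for bssid, ssid, encrypted in survey:
        # Point (5): no encryption or a factory SSID suggests default settings.
        out_of_box = (not encrypted) or ssid.lower() in DEFAULT_SSIDS
        if bssid in sanctioned:
            verdict = "sanctioned"
        elif on_our_wire(bssid, wired_macs):
            verdict = "rogue-on-our-network"
        else:
            # Heard over the air but not on our wire: may belong to a neighbor.
            verdict = "neighbor-or-unknown"
        results[bssid] = (verdict, out_of_box)
    return results

if __name__ == "__main__":
    for bssid, (verdict, out_of_box) in triage(SURVEY, SANCTIONED, WIRED_MACS).items():
        print(f"{bssid}  {verdict:22s} out_of_box={out_of_box}")
```

Only the "rogue-on-our-network" rows are candidates for action by the network owner; an out-of-box AP that is not on your wire is the metro-area case raised in the reply above.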

