http://www.gcn.com/20_24/security/16838-1.html

By WILLIAM JACKSON
GCN STAFF
August 20, 2001

Wireless networks are fast to set up and flexible enough to let workers roam through an office or campus. But you would not want to trust anything sensitive to today's 802.11b wireless LAN standard, said Maj. David A. Nash, an electrical engineering and computer sciences instructor for the U.S. Military Academy at West Point.

The Army has a moratorium on wireless LAN use, said Lt. Col. Daniel Ragsdale, director of the department's information technology and operations center. They're flushing out a lot of security issues, Ragsdale said.

Ragsdale and Nash attended sessions on wireless LAN security at last month's Black Hat Briefings in Las Vegas.

Not enough, off balance

Although improved standards are on the way, current wireless security is inadequate and does not scale well, said Mandy Andress, president of ArcSec Technologies Inc. of Dublin, Calif.

The IEEE 802.11b Ethernet standard operates in the 2.4-GHz band at data rates up to 11 Mbps. Products for the forthcoming 802.11a, which delivers up to 54 Mbps in the 5-GHz band, should be available late this year. A more secure version of the standard is under development that will provide key management and 128-bit Advanced Encryption Standard encryption.

But for now, methods to control wireless LAN access and prevent eavesdropping are not completely secure. Access can be defined by a device's media access control layer address, but such addresses are easy to discover and spoof, and managing the lists is difficult for large networks, Andress said.

Virtual private networks cut down wireless mobility by requiring users to authenticate themselves when roaming from one server to another. And small VPNs are not cost-efficient.

Tie it tighter

An open-source program called SLAN, for Secure LAN, available at slan.sourceforge.net, works like a VPN but is simpler, Andress said, and not very scalable.

Wired Equivalent Privacy, a wireless security protocol, does not use strong enough encryption and is vulnerable to attack. All users of a particular access point share the same encryption key, which is a serious weakness.

WEP is a fundamental vulnerability on 802.11b networks, Nash said. Not until its weaknesses are thoroughly repaired will wireless networks be suitable for classified, sensitive or even official-use-only information, he said.

Despite weaknesses in current products, Ragsdale said, wireless networking does have a role in noncritical environments, such as at the military academy. We're in the business of teaching people computer science, he said.

But until more security is built in to standards-compliant products, government should be wary of putting its LANs on the air, he said.