[ISN] Drive-by hackings 'a myth'

From: InfoSec News (isnat_private)
Date: Thu Mar 07 2002 - 00:27:12 PST

  • Next message: InfoSec News: "RE: [ISN] Internet-based Counterintelligence against the CIA"

    [Hmmm, If I didn't know better I'd swear that this Gartner analyst 
    pulled this talk out of an ISN posting from January 14th 2002. 
    http://cert.uni-stuttgart.de/archive/isn/2002/01/msg00127.html - WK] 
    By Nick Farrell in Montreaux [06-03-2002]
    Wireless Lans as secure as any other form of networking 
    The wireless networking industry is being hamstrung by a myth that it
    is peddling an insecure product, according to a principal analyst at
    Speaking at NetEvents in Montreux Andy Rolfe said that, for all the
    high profile news about the potential for drive-by hackings, he is yet
    to see an actual case reported.
    "Most of the issues surrounding wireless local area network [Lan]
    security disregard the security facilities that are available today.  
    At Gartner, our advice to our end user clients is that wireless Lans
    can safely be deployed today using an end-to-end virtual private
    network," he said.
    It is claimed that wireless Lan signals can be intercepted and, with
    the right equipment, hacked.
    "This is where most reported hacks have taken place, but they have not
    really been serious because all sensible enterprises secure their
    systems with firewalls and multiple password levels," explained Rolfe.  
    "In this way, all the hackers can get is free internet access. That is
    really the extent of the problem so far."
    He maintained that the industry had publicly debated the security
    issues around wireless Lans in a confusing way and had alienated
    potential purchasers.
    "The argument must be moved on so that we begin to advise and guide
    potential end users about how they can secure their wireless Lans and
    select the right solution for their particular environment," said
    In a panel discussion that followed, members agreed that the
    technology was largely as secure as any other style of networking. The
    issue was that many companies did not switch the security features on
    or have adequate authentication procedures in place.
    Nick Hallwood, enterprise manager at 3Com, pointed out that very few
    companies have effective single sign-on systems which would help to
    solve the problem.
    "The ultimate solution would be to produce something that is centrally
    controlled for enterprises. This could be brought under the control of
    the information systems department," he said, adding that the only
    real solution to make wireless secure was to set it up outside the
    "At 3Com we deploy our own wireless Lans in the same way that we
    recommend our customers to do it, i.e. outside a firewall. Then we
    require our own users to tunnel in through the firewall to the
    corporate network," explained Hallwood.
    Mario Maas, business manager at Agere Systems, insisted that wireless
    Lans should be introduced according to standards, but said that it is
    important to consider the applications (enterprise, home internet
    access etc.) for which very different solutions are required.
    "We think that people need to be educated about Lans, which is
    something that the vendors need to put on their plate in order to gain
    maximum security for their systems," he concluded.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 03:29:45 PST