Re: [PEN-TEST] Wireless (In)Security

From: Chris Tobkin (tobkinat_private)
Date: Thu Apr 19 2001 - 07:15:49 PDT

  • Next message: Zeke Shif: "Re: [PEN-TEST] Wireless (In)Security"

    > I'm interested in finding any URLs that discuss Wireless Security
    Audits
    > and/or war driving. I am especially interested in hardware and
    software
    > used. If you know of any, or have first hand knowledge, please reply.
    I
    > have searched (google and astalavista) and not come up with much.
    
    Well, here are the ones I found interesting..  Noone really talks about
    the 
    equipment used, but you should be able to figure that out on your own..
    
    ------------------------------------------------------------------------
    --------------
    Experts ponder securing the wireless world
    http://www.cnn.com/2001/TECH/industry/04/13/wireless.security.idg/index.
    html
    Good read on the problems surrounding wireless and why they're hard to
    solve.
    
    ------------------------------------------------------------------------
    --------------
    802.11 and Swiss Cheese
    http://www.zdnetasia.com/biztech/security/story/0,2000010816,20196487,00
    .htm
    Good article -- takes a look at the problems from an honest, realistic
    point of view.
    		That's just dandy. We're effectively being told that
    unless we are a
                      large enterprise with a dedicated IT staff and the
    necessary
                      infrastructure to set up VPN servers and associated
    folderol
                      we're not worthy of properly designed and implemented
    security.
                      A flawed system is considered sufficient. 
    
    ------------------------------------------------------------------------
    --------------
    Fortress Strengthens Wireless Equivalent Privacy
    http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=20706
    An introduction to wireless Link Layer Security (wLLS) which is based on
    their 
    patented "Secure Packet Shield" technology.
    
    ------------------------------------------------------------------------
    --------------
    Looks like war driving is an interesting idea -- at least for
    journalists..
    // Note: 1) "the important part of getting this to work is having the
    external antenna. 
    		It makes all the difference" says Shipley
    	   2) @Stake added wireless auditing about two months ago..  
    	   3) beware the pizza guy.  :)
    http://www.securityfocus.com/templates/article.html?id=192
    
    ------------------------------------------------------------------------
    --------------
    http://www.cs.umd.edu/~waa/wireless.pdf [PDF]
    
    Abstract
    
    The explosive growth in wireless networks over the last few years
    resembles the rapid growth of the Internet within the last decade. Dur-
    ing the beginning of the commercialization of the Internet, organiza-
    tions and individuals connected without concern for the security of
    their system or network. Over time, it became apparent that some
    form of security was required to prevent outsiders from exploiting the
    connected resources. To protect the internal resources, organizations
    usually purchased and installed an Internet firewall.
    
    We believe that the current wireless access points present a larger
    security problem than the early Internet connections. A large number
    of organizations, based on vendor literature, believe that the security
    provided by their deployed wireless access points is sufficient to
    pre-vent
    unauthorized access and use. Unfortunately, nothing could be
    further from the truth. While the current access points provide sev-
    eral security mechanisms, our work combined with the work of others
    show that ALL of these mechanisms are completely in-effective. As a
    result, organizations with deployed wireless networks are vulnerable to
    unauthorized use of, and access to, their internal infrastructure.
    



    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 21:38:21 PDT