Wireless Networking Security Hardware IT

On The Current State of WiFi Security 300

An anonymous reader writes "A Flexbeta article covers the basics of WiFi security. The article mentions various ways of securing a WiFi network, how easy it is to crack WEP, and what the IEEE is doing about WiFi security. From the article: 'In order to address the security issues of WEP and the current Wi-Fi standards of 802.11a/b/g, the Institute of Electrical and Electronics Engineers (IEEE) is developing a new standard that is called 802.11i. This standard was developed with security in mind. The new standard implements new security entitled Wi-Fi Protected Access (WPA), which takes advantage of the Temporal Key Integrity Protocol (TKIP), is easier to setup using a pre-shared key, and can use RADIUS authentication.'"
This discussion has been archived. No new comments can be posted.

  • None of which will matter if people do not put passwords on their networks that aren't "default" "administrator" or "home." Oh, first post!
    • The router/firewall I bought for my parents isn't capable of changing the admin's name; it's always "admin". It also has a nasty habit of rebooting to factory defaults if I try and set the password on it. It's got a defect in it, clearly, but I'm still not going out and spending thirty bucks on another one when this one mostly works.

      Fortunately, MAC filtering and turning off the SSID makes it LESS likely that someone is going to set up outside their house and use their connection, but I still have the has
      • Fortunately, MAC filtering and turning off the SSID makes it LESS likely that someone is going to set up outside their house and use their connection

        It doesn't make it less likely that someone will go out of their way to use it, because those people have things like Kismet [kismetwireless.net] on hand. It only prevents the people who have naïve Windows XP boxen from accidentally connecting.

        • It doesn't make it less likely that someone will go out of their way to use it, because those people have things like Kismet on hand. It only prevents the people who have naïve Windows XP boxen from accidentally connecting.

          It makes it _slightly_ less convenient for people (who know what they're doing) to connect. But possibly more to the point, it shows anyone who's trying to connect that it's not a public AP - you have at least done something (although not much) to secure it. Locks keep honest peopl
      • Well, it's not like that's that huge a deal - they have to get onto your network to tinker with your router, so you're fine if your network is secure. Just make sure your password is very long, if your network is public. A password of twice normal length is the same complexity to crack as a normal length uname+pwd.

        Unless of course you're using an unpatched old Linksys router, which had a bug that allowed access over the WAN.
      • by frodo from middle ea ( 602941 ) on Friday August 05, 2005 @11:59AM (#13250526) Homepage
        6 dumbest ways to secure WLAN [zdnet.com]

        and Some sensible advice on how really to secure it [lanarchitect.net]

        Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will deter only novice users from stumbling accidentally on your WLAN.

        But security is not about stopping these novice users, who are less likely to cause any damage in the first place, It's more about stopping someone who is really determined to get in, in order to at best steal your bandwidth or at worst do some real damage like get sensitive data from your PCs.

        • by B'Trey ( 111263 ) on Friday August 05, 2005 @12:09PM (#13250622)
          Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will deter only novice users from stumbling accidentally on your WLAN.

          Isn't that the point? If a knowledgeable and determined hacker wants to break into your network, chances are they're going to succeed unless you're a security expert yourself and highly vigilant.

          I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a window made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"

          No, a MAC filter doesn't make your network impregnable. And locking your front door doesn't turn your house into Fort Knox. But if you're not Fort Knox, you don't need to have Fort Knox security. Make breaking into your network an effort and most people won't bother. There's likely someone down the street that's broadcasting their SID and has no security at all. Why are they going to bother messing with you?
        • by FireFury03 ( 653718 ) <slashdot@NoSPAm.nexusuk.org> on Friday August 05, 2005 @12:15PM (#13250684) Homepage
          But security is not about stopping these novice users, who are less likely to cause any damage in the first place

          I've got to argue with this - stepping back from the whole wireless thing and talking about security in general, I can tell you that the crackers that cause the most damage are the ones who really don't know what they're doing and have just picked up a cracking toolkit (i.e. script kiddies). The script kiddies frequently end up leaving a machine they've attacked in a completely destroyed state _by accident_ (their intention is to use the machine, not destroy it but frequently it ends up trashed). On the other hand, if your system is attacked by people who know what they're doing the chances are you won't notice for a long time.
          • excellent point , which I obviously missed.

            but my intent was not to tell everyone "don't disable SSID broadcast or don't use mac filtering",

            My point was rather, that you can't call your WLAN secure , just because you took some very basic measures, and even you can concur, even script kiddies can get past these things, so just having them is not going to do any good either.

            I guess what I am trying to say is security is not absolute, but a relative measure. There is no checklist that you can tick away and

            • I guess what I am trying to say is security is not absolute, but a relative measure. There is no checklist that you can tick away and say OK I am now secure.

              Absolutely - security is always a balancing act between security and usability. On one end of the scale we have the most secure setup - you have everything unplugged and turned off all the time. Obviously whilst that's completely secure from remote attack it's also completely unusable. On the other end of the scale is no security and everything's re
        • I'm not worried about serious hackers. I'm worried about the kids next door. I don't need it to be completely secure, I need it secure enough that it's more convenient to bother someone else down the street.

          There's a saying among scuba divers, how do you fend off a hungry shark with a 2 inch knife? You stab your buddy and swim away.
    • How about if the wireless routers don't use "admin" for both the username and password. I've hit quite a few networks named "default" and found that the web-interface was up by default, with the default passwords.

      I'd put more blame on companies that put "out-of-the-box" ahead of security... ship the damn thing secured and have it run a "first-time setup" utility from CD-ROM for the newbies.
  • WPA2, not WPA (Score:5, Informative)

    by JemVai777 ( 411658 ) on Friday August 05, 2005 @11:27AM (#13250158)
    The real contender is WPA2 [wikipedia.org], which employs the far stronger AES symmetric algorithm in place of RC4, and adds much-desired features such as fast roaming:

    WPA2 overview [zdnet.com].

    If your hardware supports it, use WPA2. If not, settle for nothing less than WPA, as WEP is a joke and trivial to break into.
    • Re:WPA2, not WPA (Score:4, Informative)

      by marcantonio ( 895721 ) on Friday August 05, 2005 @11:41AM (#13250310)
      Actually 802.11i is WPA2.
    • Unfortunately, Linux users are pretty much stuck with WEP if they want to lead a pleasant existence. By far the easiest way to have wireless roaming capability on a laptop is to use NetworkManager on Fedora, and that doesn't yet support WPA. The only alternative that I can come up with is to write up a wpa_supplicant.conf file and do it that way, though you lose any semblance of user-friendliness.
      • Unfortunately, Linux users are pretty much stuck with WEP if they want to lead a pleasant existence.

        True (except for Gentoo users like myself, who'll be using text config files anyway). Why isn't there an easier way than manually writing a wpa_supplicant .conf? It's not terribly difficult for most configurations, but it's a bit off.
      • I use wpa_supplicant on my home network. The 30 or so minutes it took to get it up and running was well worth the added security that it provides over WEP.
    • Here's [microsoft.com] the Windows XP SP2 patch that gives XP WPA2 capability. Unfortunate validation required.
    • Do you know of any wireless print servers that support WPA, as that's what is really keeping me from implementing it?
      • Why not use a wired print server attached to the switch on the access point?

        Given the limited spectrum and bandwidth for wireless networking, as well as the fact that you are broadcasting, I think it is best to use wired networking for any device that isn't mobile. That gives both higher bandwidth to the stationary devices, and potentially frees up bandwidth to the wireless devices.
  • Wireless security is a huge issue these days. When I set up my wireless network, I made sure to get equipment capable of working with WPA encryption, and turned the SSID off, etc. From where I am sitting right now, however, I can access 2 of my neighbor's unsecured, unencrypted Wi-Fi networks. And that will always be the problem. We have the capability to secure wireless networks these days with a reasonable degree of security, but people just refuse to do it.
    • I disagree with what you see as a "problem." I'm perfectly capable of securing my access points, but I choose not to, because I'm quite happy to share my signal with everyone who wants it.
    • That's precisely the reason I run WEP on my home network. Yes, it's crackable - but anybody who wants to make the effort can do just as well by going down the hall and finding an unsecured, advertised network. I tried setting up WPA once, but getting windows to play nice was an ordeal (this was pre-sp2).
      • I tried setting up WPA once, but getting windows to play nice was an ordeal (this was pre-sp2).

        I found it quite easily. But then, I was using the Neatgear drivers on Windows 98 - and then a second time on Windows XP with some other hardware-provider-supplied configuration tool. I've never had to use the Windows XP native tools - presumably they're your problem. Isn't progress wonderful?
    • Phaser® 750 Color Printer
      Ugh... I think it has more to do with people don't know how or why to secure it.
      I have helped a couple friends out with small computer problems. The following conversation has happened a couple times

      Me: ohh.. Who has the laptop? you might want to get them to Secure the Wireless on this Router.
      Clueless Friend: umm.. wireless??? Laptop???
      Me: Yeah.. you have a wireless router and it's not encrypted and you still have all the default passwords.
      Clueless Friend: ohh.
    • While I agree in general, I don't think blaming the end user is really fair.

      After all, wifi and computers nowadays get sold as something easy to use and setup. Just plug it in and it works.

      Unfortunately, the reality doesn't really live up to the promises.
      That is, even if the just works part is true (which of course everyone who has been the resident computer geek for friends and family knows isn't always the case, to put it mildly), in many cases the default setup is simply unbelievably insecure.

      To sum it u
      • I think part of the problem was with the wi-fi standard. In addition to the normal wi-fi higher level standards, there needed to be a standard for consumer electronics for an easy way to deploy security information from the router to the clients. Whether this was a standard connection string protocol that users could jot down, a flash (or floppy) storage thing that the router writes the connection info to, or even simply having the router come with a bucket of ROM chips that plug onto a port on the back o
    • Don't look at the unencrypted network next door as a problem, it actually INCREASES your security, now there's another, much easier target right nearby for anyone who just casually wants on the net.

      All that being said, the real "solution" to all this is to get the manufacturers to configure their install programs to make you set up security (or at least make "secure" the default)

      I work for a large Canadian ISP, one of the products we now sell is our "home networking" package, this is basically an ADSL modem
  • General Security (Score:3, Insightful)

    by agarrett ( 803743 ) * on Friday August 05, 2005 @11:28AM (#13250174) Homepage
    Standard setup for the average home network user seems to be

    Take box home
    Plug in box
    let windows xp do its thing
    Use.

    Clearly for these advances to be of any use, customers must be informed of their necessity and setup must be kept as simple as possible (helped, I surprisedly add, by XPSP2's wireless configuration app)
    The technology is all well and good, as long as it's being used.
    • Why does it have to be more complex? Imagine a WIFI access point with a small green button. If you press the button then any access attempt done in the next minute is accepted. Encryption keys are exchanged and from now on the client(s) which connected are accepted as "good". All the others are kicked out. For corporate networks, only accept clients which can authenticate with the domain server or firewall. Why does it have to be more difficult?
      • There was an article in an IEEE magazine about this sort of thing not long ago. Basically a network admin wanted to set up WPA on his network using encryption and certificates etc. But the normal installation mode was too complex for his users, who happened to mainly be PhD research types (i.e. not dumb, but not computer nerds). So they ended up writing a little program that you put on the notebook computer, you bring the notebook into a room, point the IR at the computer in that room, press a button, an
    • Take box home
      Plug in box
      let windows xp do its thing
      Use.


      5. Wonder why your neighbours snicker when you walk past.
  • Does anyone know when/if WPA is going to be included in upcoming Linux releases? As it is now, the WPA Supplicant is the only way to use WPA in Linux.
  • Why should I care? (Score:4, Interesting)

    by Robertatwork ( 902893 ) on Friday August 05, 2005 @11:31AM (#13250219)
    I read a lot about wi-fi security. However, it keeps coming down to, why should I care? Yes, at work it is important to be very security aware. However, at home, I really don't care if someone is using my connection. If they are doing something that is hogging bandwidth, when I want to use it, I can boot them. My computer is protected and on the other side of a firewall. Information that passes over the router does not touch any storage device. So, back to the question, why should I care? (as a home user)
    • So, back to the question, why should I care? (as a home user)

      Because although you'll probably get off in the end, things will get sticky when somebody knocks on your door with a warrant/subpoena for all of the music/kiddy porn "you" have been downloading?

      • That was my reason for securing my network. Another thing is: if you suddenly find yourself doing your banking over an insecure network, it can be too late. OTOH, the banking websites are usually encrypted. But I don't know how safe that is. Should I worry about this?
      • by truedfx ( 802492 )
        Uh, you place child porn in the same category as downloading music (without even specifying that you're referring to illegally downloading music)?
    • You don't have to care, but there's a very small chance you'll have to explain that position to the FBI or Police in connection with whatever activities they are indulging with over your wifi.

      If you have a firewall between your AP and your computer, you're a step ahead of most people anyway.
    • by Redshift ( 7411 ) * on Friday August 05, 2005 @11:41AM (#13250312)
      Supposing it was a terrorist or a pedophile? How would you like Homeland Security or the FBI knocking on your door, asking you deep questions and impounding all your computer equipment for investigation? The suspicious activity did all originate from your IP address, after all.

      And how secure do you think your computer really is? When it is behind your router it has the advantage of being somewhat obscured to the rest of the world by NAT. A hacker inside your own network just has your software firewall to break down - one step closer. Furthermore, if he is able to get access to your router he probably also has access to everything you send - are you sure you want all that to be logged?

      You are very naive.
      • Yes yes, but this demonstrates why the notion of machine=>your identity is not valid. The current protocols treat network traffic as machine to machine. The notion of personal identity doesn't map well onto this concept.

        If the protocols (eg, alternative to TCP/IP) could be reworked so that concepts like person-to-person, person-to-service, and service-to-service connections were possible (and unspoofable), that'd go a long way towards allowing us to build enormous, decentralized mesh networks where Inter
      • Haha, heh...wait, are you serious?

        While we're on the subject of naivete...I really don't get the whole idea of "wireless security." People should be focusing on secure end-to-end protocols, not trying to secure the link that goes from your computer to the next hop. You do realize that everything is sent in the clear after that hop, right?

        While making the wireless connection as secure as a wired connection (i.e. not very) may impede the casual traffic sniffer, it's really rather silly to think that it

    • that firewall doesn't do much good if I'm *on* your local network.
    • What if some guy uses your WAP to download child pornography or illegal music files? Do you really know your neighbors that well?

    • Well do you care if you are broadcasting everything you do on the Internet in the wide open... If you aren't encrypting the traffic then people can sit across the street and intercept it. Some PWs and info might be encrypted, but a lot won't be. But hey if you like identity theft then feel free to ride that wide open wave!
  • by $RANDOMLUSER ( 804576 ) on Friday August 05, 2005 @11:32AM (#13250225)
    The problem with wireless isn't people who read Slashdot, it's my parents going down to Best Buy and grabbing a wireless router, plugging it in and using it. Most people don't realize what they're broadcasting, or how easy it is for other people to tap into their home network, nor even why this would be a Bad Thing.

    When my folks go to the car lot, they know to look at the Buicks. When they go to Best Buy, they don't know they're looking at the equivalent of a crotch rocket motorcycle that will surely get them killed.

  • by domipheus ( 751857 ) on Friday August 05, 2005 @11:33AM (#13250236)
    As many people are saying, there is no point in advancing encryption standards if the average end user will not use it.

    On many sites, you sign up, and get given a random password. How hard would it be for manufacturers to ship AP's with a WPA enabled with a random password/key which is printed on the back of the user manual? (this is a genuine question) XP asks for a password when you try to connect to it automatically, and if you are using linux etc then you know what the deal is anyway.
    • by NekoXP ( 67564 ) on Friday August 05, 2005 @11:46AM (#13250382) Homepage
      I bought a Speedtouch 580 DSL modem as I just moved to Speakeasy, and lo and behold
      on the back of the modem is the MAC address of the eth0 port, and the default
      WEP/WPA key.

      Went in and changed it and everything is happy. But the thing shipped with WPA
      enabled and the default (which looks random..) key next to the serial number.

      Neko
  • According to Bruce Schneier, the security risks of WiFi [schneier.com] are vastly exaggerated.
  • A Real Question (Score:2, Interesting)

    by L. VeGas ( 580015 )
    And I did RTFA.

    What's the bottom line for my home network? I've got WPA on my 802.11g network. I changed the default passwords, etc. Is there any realistic chance of being compromised?

    Also, as an individual and not a business, what motivation would someone have for doing so?
    • Depends on who the people in your neighbourhood are. ;-) Offhand, I can think of several reasons: 1) "Free" internet. Some people avoid paying $X per month for internet service when the guy next door has a wireless router and a 3 Mbit line he's barely using. (Disclaimer: I don't do this; I pay for Bell Sympatico DSL in Ontario, Canada) 2) Proving Oneself. Somebody in range wants to consider himself a hacker so he or she will try to break into your network just to prove he/she can. 3) Activities not so legal
    • I did a little test at work and cracked a 64-bit WEP in just under a day (I also may or may not have tried it on my neighbors' networks). WPA cracking tools are probably already in development. So, yes, you can be compromised.

      The motivation? Perhaps ID theft. More likely so that a bored nerd could say he is a 1337 haxor. If you have internet access, maybe one of your neighbors wants free internet.

      Some tips? Stick with WPA protection, of course. It is also a good idea to set your local IP address r

      • WEP can be cracked a lot quicker if you have a wireless nic that supports injection (i.e Prism based) I broke a 128bit WEP network (client's so it was authorized) in 11 minutes.

        MAC Filtering? overcome by MAC spoofing
        Change your IP Address range? Don't bother, if you can break the Encryption, simple packet sniffing will give it to you
        Disable Beaconing? Stops Netstumbler but Kismet will see the network the moment you send anything over it. (Although if you have an open network do everyone a favour and disable
      • This way your 13 year old neighbor will have to deal with encryption, MAC address cloning, and IP spoofing to get into your network. No doubt he will leave you alone and just use his other neighbor's open network.

        My thoughts exactly. While these measures CAN be compromised with a lot of effort, most people will move on to the unprotected network unless they're in it for the challenge of getting on. I know before I paid for my broadband, I had MANY networks to choose from in my apt. building. If it had WE

  • There are still too many wireless devices that only support WEP. The WiFi card for my Palm T3 being one of those, rendering it useless within our firm where WPA is required.

  • by G4from128k ( 686170 ) on Friday August 05, 2005 @11:37AM (#13250273)
    While I applaud attempts to secure WiFi, it would seem that wireless will always add another channel of vulnerability to any IT system, especially because WiFi is so often deployed inside the firewall. WiFi systems are generally vulnerable to both internet-based attacks and wireless attacks. And even if the 802.11i protocol is "secure," there is little guarantee that both the AP and the client wifi transceiver have a secure implementation of the protocol or that the user configures the system in a secure fashion.

    As inconvenient as wires are (and even they are not totally secure), they do reduce the amount of one's personal information freely broadcast into the ether.
  • Reading the article, I got the strong impression that I was reading a mediocre high-school research paper. The author is basically just parroting a bunch of well-known, easily discoverable basic information about Wi-Fi. The facts are cursory at best; and the article not only doesn't cover any new ground, it doesn't cover the old established ground particularly well.
  • From a non-network-geek kind of view it seems that the standard security systems are seriously missing in options and tough to configure. It seems like there isn't a good option for "no authentication, but encrypt everything please" (kind of akin to https) or simple password/phrase authentication, as opposed to asking people to type in these massive hex strings or handcoding in their MAC addresses.

    So even beyond the fact the encryption ain't much good, open networks tend to win out because everything else
  • I'm going to be setting up a wireless network for my family in the next couple of weeks. I've never used anything wifi based so I'm a little clueless. So I'm interested in knowing what needs to be done to secure it etc. So could anyone give me some useful links? It's just a small network for 2-3 PCs and maybe a laptop at most, I have full access and control of all three PCs (including installing the network cards myself). So any advice/good sites/hints/tips/hardware suggestions(good quality not top end la
    • I recently got my first laptop, and did some wifi hardware research. What I wound up buying are products from AirLink101(.com). I got a Super-G card for my laptop, and two Super-G access points. One is set up as an access point, and the other is set up as a bridge (receives the signal from the AP, goes out the cable into my switch, and into my desktop machines with NICs but no wireless cards; I didn't want to have to buy wireless cards for anything but the laptop). These products support WPA with AES, and w
  • Flexbeta is running a contest, asking readers to submit articles for publication. Each article published gives the author a chance to win a top-end ATI graphics card. There are several other smaller prizes.

    He's just trying to win something. He's certainly not a subject matter expert :)
  • It's virtually impossible to keep unauthorized parties off of your AP using out of the box software.

    WEP? Known cryptographic challenges, can be cracked in a trivial amount of time using automated tools.

    Access list of MAC addresses? Almost every wireless NIC allows you to watch traffic, and many allow you to reprogram the MAC address. You can watch someone authenticate at Starbucks, record their MAC address, then when they walk away, you just set your MAC address to theirs and you continue using their

    • I bought a Linksys WRT54G. Out of the box it supports the WPA security scheme. Buying it was not "virtually impossible" - hell, after rebate it was less than a hundred dollars Canadian.

      This doesn't solve the problem at Starbucks though (since a pre-shared key wouldn't really work in that setup) but it makes a home wireless network a hell of a lot more secure.

  • ...according to the opinion of the vast majority of posters.
  • I'm just not getting a good feeling about this guy's cluefulness. In general, the language is vague and wishywashy, and feels like he's read a whole lot on the topic but doesn't grok it at a level that he should before writing about it.

    For example, he doesn't seem to know what an IV is, and suggests there's something fundamentally wrong with them:

    Every time a packet is sent this shared key is paired with another key called an Initialization Vector, together these form the encryption in the packet. The

  • Build a lightweight VPN server into every router, such as Openvpn [openvpn.net] which uses TLS/HMAC and RSA keys. The router could easily generate and distribute the keys (over the wire) for wireless encapsulation.
  • by 8127972 ( 73495 ) on Friday August 05, 2005 @01:18PM (#13251252)
    There was a case of a guy downloading child pron [www.ctv.ca] in Toronto by driving around at night and finding open WiFi networks (You know the ones.... Their SSID's are Linksys and Default). Apparently when he was caught, he was naked from the waist down looking at explicit images. (Ooh. Bad image)

    I point this out as I used to work for a VAR that sold WiFi products to businesses who would just order the products and throw them up onto their network rather than pay us to come in and properly install and secure the environment (which was usually Windows based). When this happened and I pointed it out to them that this could be them (or something worse might happen, such as the cops knocking on your door because they traced the downloads to their net connection), they changed their tune in a hurry and let us secure the networks.

    Places like Best Buy should hand this article out to their customers. That would reduce the problem in a hurry.
  • by Halo- ( 175936 ) on Friday August 05, 2005 @01:33PM (#13251436)
    Okay, I admit it. People think I'm a security freak, but I still run 802.11b with WEP enabled at home. I've got strong keys, I filter MACs, I disable beaconing, and have put up other minor fortifications, but I still know I'm running pretty open.

    So why haven't I improved things?

    Simple. Even though I'm a pretty technical Linux user, I've been unable to really feel confident going out and buying 802.11g stuff with WPA, because the existing documentation on the net is pretty bad.

    I'm waiting for the mythical "someone else" to set up a nice, straight-forward site that says "here are the cards you can buy at store X which support Linux and don't require binary drivers, patched kernels, and other crap" Sure, there are lists of chipsets, but the actual stores don't list the chipset in particular products often, and the vendors often have multiple versions of the same card with different chipsets.

    I think a lot of the problem is the actual hardware industry itself. 802.11b wasn't hard to get Linux support for, but because of the software controlled radio in 802.11g chipsets, it's a bit trickier legally.

    And don't get me started on Bluetooth. I got a new phone which has it, and I'd love to buy a little USB Bluetooth dongle so I can play with it, but right now the main Linux Bluetooth page has been asked to take down their list of devices known to work under Linux, because someone in the Bluetooth SIG complained the devices weren't technically qualified. (link [holtmann.org]) What a load of crap! So instead of getting a dongle which might not work, I'm just not going to get one at all. Everyone loses.

    PCMCIA Firewire card is marginally easier, but again, trying to track down an actual card for sale which matches the user-reported specs and models is pretty damn hard. I spent conservatively 3 hours online and in Fry's reading before I got a card which works great until you eject it and panic the kernel.

    I guess where I'm going with this rant is that wireless security (in the non-Windows world) would probably be better if the "standards" followed went a bit deeper and were more open to allowing outsiders to confidently buy products. All I'm asking for is a label or a sticker on the box telling me what chipset and version the device uses. It's not hard, and it shouldn't be a secret. Anyone technically savvy enough to make a purchasing decision based on chipset is technically savvy enough to figure out what chipset is in a device once they've bought it and spread the word.

    Wow... my first rant. Sorry about that....

  • by PureFiction ( 10256 ) on Friday August 05, 2005 @02:18PM (#13251977)
    IPSec SHA256 AH AES128 ESP

    We setup such a configuration at DEFCON and despite various attacks against both AP and client, including evil twin, WDS exploits, traffic replay, etc. the network was absolutely impenetrable.

    The only secure configuration I would consider would be WPA2 with RADIUS authentication. Pre-shared key is vulnerable to dictionary attacks so be sure to key with a good random string if you use this mode.
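
Several comments above touch on the same point: WPA pre-shared keys need to be random strings, and on Linux the key ends up in a hand-written wpa_supplicant.conf. The following is an added example, not part of the original discussion or of any project named in it. It generates a random passphrase, derives the 256-bit PSK the way WPA/WPA2-Personal defines it (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations), and renders a wpa_supplicant network block; the SSID "HomeNet" and the function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# 62-symbol alphabet: avoids characters that need quoting in config files.
ALPHABET = string.ascii_letters + string.digits


def validate_passphrase(passphrase: str) -> None:
    """WPA-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")


def validate_ssid(ssid: str) -> bytes:
    """An SSID is 1 to 32 bytes; reject characters that break the config quoting."""
    raw = ssid.encode("utf-8")
    if not 1 <= len(raw) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if '"' in ssid or "\n" in ssid:
        raise ValueError("SSID contains a character this example does not quote")
    return raw


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit PSK as 64 hex digits.

    The derivation is deterministic: the same passphrase and SSID always give
    the same key, which is why a guessable passphrase is open to dictionary
    attack and a default SSID makes precomputed tables reusable.
    """
    validate_passphrase(passphrase)
    salt = validate_ssid(ssid)
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def random_passphrase(length: int = 24) -> str:
    """Generate a passphrase from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def network_block(ssid: str, psk_hex: str) -> str:
    """Render a WPA2-PSK (RSN, CCMP/AES) network block for wpa_supplicant.conf.

    Storing the derived hex PSK (unquoted) keeps the passphrase itself out of
    the file.
    """
    validate_ssid(ssid)
    if len(psk_hex) != 64 or any(c not in string.hexdigits for c in psk_hex):
        raise ValueError("PSK must be 64 hex digits")
    return (
        "network={\n"
        f'    ssid="{ssid}"\n'
        "    proto=RSN\n"
        "    key_mgmt=WPA-PSK\n"
        "    pairwise=CCMP\n"
        f"    psk={psk_hex}\n"
        "}\n"
    )


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    passphrase = random_passphrase()
    print(f"passphrase: {passphrase} (~{entropy_bits(len(passphrase)):.0f} bits)")
    print(network_block(ssid, derive_psk(passphrase, ssid)))
```

Changing the SSID away from a vendor default matters here because the SSID is the salt: two networks with the same passphrase but different SSIDs get unrelated keys.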
