The process to establish the next-generation Wi-Fi standard, which promises to quadruple transmission speeds, has stalled as members of the working group developing the standard failed to pass the main proposal onto the next stage.
New Wi-Fi standard takes the slow road
2005-05-20 Internet 17 Comments
I have yet to see any mention of security. This is somewhat sad that people deploy WIFI and most don’t understand the consequences.
I am not talking about the corporate network but more in regards to Mom & Pops bicycle shop, or your neighbors cable/dsl set up with a wireless router or ap.
The media is insecure by default, its up to the stanrds group and vendors to implement security by default. Look at what the original 802.11a spec. They have somewhat started to clean up their acts.
O’Well… Happy surfing.
The idee that you get any added “security” by disabling network access is only true if you run any insecure services on the network from start.
You shouldn’t do that no matter what.
I always leave my accesspoint unencrypted and open for the public in thanks to all the times I have been able to access some hotspot when I’m out traveling.
it is not as if it is hard… turn off the ID broadcasting…. use WPA (at home use it with a PSK) and then use MAC address blocking.
no one is getting on there.
Sure… maybe the machines on the network are secure… but this doesn’t stop me from using someone elese bandwidth. Or to perform <ahem> illegal activities without a hope in hell of someone tracing it back to me.
I remembe when I bough my wife an iPAQ a year ago with a WiFi router… didn’t have time to setup the router because it was late at night and we have kids 🙂 Anyway… we charge up the unit, turn it on and low and behold… somewhere in my neighborhood there are 3 broadband access points I could access. None of them were using WEP or that other security method (me forgets at the moment).
So, to make a long story short… I was able to identify one of the routers (my next door neighbour used his first name as the ID broadcast for the access point) and decided to use his connection for a couple of days until I setup my router.
Methinks many people in a similar situation would save the $40/month and just leach someone elses bandwidth.
If I ever find the time I’ll help my neighbhour configure a WEP key, minimally.
quack! quack! quack!
To be untracable when you use your exploits ain’t that hard even if you don’t have access to your neighbours wlan. there is a lot of other ways to get internet access.
And if my neighbours choose to borrow some of my 24/8 Mbit connection they are welcome to it. We are, after all, neighbours and those should help each other.
Eh, once you’re in the infrastructure network, it’s pretty much a free for all anyway. As long as someone isn’t able to install a key-logging software, but that has more to do with OS security. As for wireless security, you have to ensure that you log into ssl servers so as to encrypt your information.
You can steal someone’s bandwidth, but you never know if they have a firewall installed on their end and are logging all of your activity. That seems more dangerous than hosting your own AP.
“somewhere in my neighborhood there are 3 broadband access points I could access. None of them were using WEP or that other security method (me forgets at the moment).”
I pay the local and only crappy OC internet provider $50 /month for Internet (did anyone mention antitrust?) and I’ll be damned if I incrypt my router in any way – For what I’m concerned the whole block can use my accesspoint.
I use only Linux computers on the network and if anyone can hack into my box’es, they deserve the “pleasure”.
The problem is, setting up Wi-Fi security isn’t always as easy as it should be.
For example my home network is not as secure as I would like it to be namely because I’m using 3 brands of equipment: a Netgear router, Apple Airport cards, and a MacSense aero-pad plus USB wireless widget.
The USB wireless widget is the problem, despite what the manufacturer says, despite repeated un/reinstalls, despite drive upgrades, it will not connect whenever I enable WEP encryption. I’ve tried both 64 and 128 bit and no dice.
As a result, I’ve got a 1/2 locked network. I changed the default name of my network, I don’t broadcast my SSID, an I’ve MAC-filtered it, but at this point, I really can’t do much more to secure it other than explaining to the hubby that we never never never do any kind of remotely financial transaction from a laptop.
OTOH, I don’t think I’m at that much risk. I mean, I know that my MAC addresses can be spoofed, but given that I’ve got 2 unlocked networks … I can’t see why somebody would bother breaking into mine.
Finally, for me to go into my network and set mac-filtering up was fairly simple, though I did have to consult the manual at several points. My husband could never get through the setup process; Netgear assumes you’ve got a intermediate tech knowledge.
There needs to be a better way to “automagically” enable security on wireless networks. Something that would never require the technically semi-literates like my husband to dig into the router configuration.
I really can’t do much more to secure it other than explaining to the hubby that we never never never do any kind of remotely financial transaction from a laptop.
Why? You shouldn’t be doing any financial transactions unless the server is using SSL, in which case the data will be encrypted all the way between the server and your laptop regardless of whether you wireless network is secure or not. Think about it, the internet is not a secure network so it doesn’t make the slightest difference whether your local network is secure or not if you are sending your data over the internet anyway.
Why? You shouldn’t be doing any financial transactions unless the server is using SSL, in which case the data will be encrypted all the way between the server and your laptop regardless of whether you wireless network is secure or not.>>
“It’s not whether or not you’re paranoid, it’s whether or not you’re paranoid enough.”
I know all this. And I know that the two completely unsecured networks near by are much more tempting compared to mine (which requires some work to get into) but I’m *still* paranoid that somebody could spoof, get in, and start digging about in cached files, unlock the keychain, find a back door to sysadmin access, etc. Yes, I know these things are *VERY* hard to do, and I’ve firewalled and done other common sense bits of security regarding passwords, permissions, and file sharing, but I’m just a “belt and suspenders” kind of person when it comes to this thing.
Not that WEP can’t be broken, but I figure anybody who wants to break WEP 128 + MAC address filtering, well, by goodness they’ve *earned* getting into my laptops.
You mentioned, reinstalls, and driver updates; does this usb adapter have a flashable firmware? I don’t know if you’ve tried it but its worth a shot.
Additionally if it really, really matters that much to you; you could setup one of your wired connections to act as a VPN host, creating an IPSec/L2TP VPN for your wireless clients to connect through.
In all honesty thought – buying another usb adapter would probably be the easiest method.
Well, I guess I’m just not paranoid about these things. My network is secure enough for my comfort with WEP and MAC filtering, I would use WPA if the printer would work with it, but it doesn’t so I’m content with it as it is. The only reason I’m bothered with having any security is because I don’t want anyone hijacking the connection for downloading illegal stuff.
I’m happy doing my online banking over the wireless network even if it isn’t secure, though I will only use my linux box for it as the Windows boxes on the network aren’t mine so I can’t be 100% sure they are uncompromised as other people use them, even though I believe they are.
I’m *still* paranoid that somebody could spoof, get in, and start digging about in cached files, unlock the keychain, find a back door to sysadmin access.
I asume that you are talking about your banking stuff here. You are afraid that someone would detect and use one of the macaddresses on your network to be able to attack your workstation with a 0day remote exploit to use another to gain root and then monitor your traffic/password/whatever.
Since you are paranoid I asume that you not only filter trafic based on mac on the edge but also on your workstation.
I can’t really se how making the attacker use wepcrack will harden your network, It’s not like an unknown bug.
Since you are paranoid I asume that you not only filter trafic based on mac on the edge but also on your workstation.>>
What I’ve done with the main machine is turn off the file sharing and remote access features.
That and none of the machines have the same password on the sysadmin account.
Because I’ve got an intermediate level of tech knowledge (and because OS X makes firewalling and other security fairly easy if you know what to look for) I’ve got a secure enough set up on my wireless network using MAC filtering, permissions, and the sort of things a tech savvy person considers common sense.
But, see, I know about these things because (a) they interest me (b) I read tech-websites and (c) as my department’s liason to the IT staff it’s my *job* to know about these sorts of things. (For example I recently explained to my boss some of the issues/drawbacks of wireless technology in an effort to help her understand why the IT department hasn’t dived in and deployed wireless internet in the building. [And if you think I’m paranoid about security … you haven’t met our head IT person.])
But the average schmeddly on the street doesn’t know acronyms like WEP or MAC (they might think MAC = Macintosh).
I’m not sure of the solution, but if on installing a wireless widget, a little box popped up and asked, “How secure do you want your network?” (a) no security (b) I want to encrypt my transmissions (c) I want to allow only the following machines to use the network (+ a link that shows how to find a MAC address) (d) I want to encrypt AND restrict
The manual that came with my Netgear router is well written, and I find that navigating the configuration screens once I log in is fairly straightforward. Then again, I know what terms to look for.
But despite all that, the instructions for how to secure the network are buried a few chapters in. Once JoeUser gets on line, “Dood! I’m surfing! Woo-Hoo!” which will happen by the time you get done with the instructions on chapter 2, they’re not going to read on. (Which is probably what two of my neighbors have going on. “Woot! I’m on-line!” And never a thought beyond that, because they probably assume that wireless is like their cordless telephone; nobody else can listen in. [I have to admit that a part of me is tempted to be completely unethical and have a bit-torrent bonanza on their bandwidth.])
Securing the network should be an inescapable part of setting the router up to get you on-line. As in signals will not get sent until something is done on the A-D setup screen.
I can’t believe that anyone thinks MAC address filtering and/or WEP encryption makes them anymore secure at all. MAC addresses are easily spoofed and even 128-bit WEP can be broken in a relatively short amount of time. Hiding your SSID is also useless. If you’re depending on the obscurity of the tools one needs to accomplish these tasks then you might as well use 802.11a with AES. At least you can’t legally obtain listening devices for the 5Ghz range.