April 22nd, 2002 12:05 AM
Article: Hacking Through the Wireless Jungle
With a WLAN card and a sniffer, it is not difficult for a hacker to find a company's wireless network from a position outside the building. 'From there, it's possible to flood the network with traffic and create a denial of service,' AMR Research analyst Dennis Gaughan told Wireless NewsFactor. Read it here.
OpenBSD - The proactively secure operating system.
April 22nd, 2002 12:08 AM
Don't forget your pringles.
April 22nd, 2002 01:25 AM
There is a pattern with every one of these Wireless networks that are mentioned in these articles. There is no encryption, and if there is, it isnt strong enough.
Anyone with a Wireless network card can "hack" onto a WLAN without even knowing it, if no encryption is being used. Because basically, your Wireless Network Card just wants to pick up an IP address.
If WEP is being used to encrypt the Wireless Data, it makes it a little more difficult. You will need to break the WEP algorithm before you can do anything. The problem with WEP is that it uses static encryption keys, so the keys never change.
So, using Kerberos may make a difference. You can set a time stamp on WEP keys with Kerberos, expiring the WEP keys every x seconds/minutes/hours. But this doesnt get away from using a proven weak encryption protocol.
I think that the the market is moving towards having AES as a standard encryption protocol for Wireless.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
May 12th, 2002 01:46 AM
If you want to be truly paranoid (like me), you should use WEP keys rotated every so often. The time depends of course on the sensitivity of your data and the amount of traffic you produce. In addition, you should use some sort of VPN solution as well. This provides an extra layer of encryption to protect yourself from sniffing as well as a means of authentication to prevent random people in your parking lot from rying to join in on the fun of wireless.