
wireless Networking

20 years 1 month ago #3131 by hmmz_2000
Replied by hmmz_2000 on topic Re: wireless Networking
:D
Ok, first of all.
a) I didn't want to start some sort of argument.
b) Mr Chris Partsenidis
Founder & Senior Editor
www.Firewall.cx
I apologise. I didn't realise "what a stupid thing to say" was 'uncivilized' 'unacceptable' and 'insulting anyone'.
It clearly wasn't intended for that.
(can I use "silly" next time ?) :?

c) Sahirh, I hope you didn't take what I said as some sort of personal attack, it wasn't. I respect all the comments you've made in these forums, they're excellent.


Ok, after I read your first post, I got this impression:
wireless security is *silly* and hacking into wireless networks is *silly*.
To which I said that's *silly*.
Where there's a security risk there's a hacker and where there's a hacker there's a security risk.
There's always going to be people trying to hack WLANs, and also unsecure WLANs are always going to be there.
I have access to 2 unsecure WLANs from my office, and one from home. I didn't even try!

As for the 2nd post:

I believe that there are bigger problems to worry about than wireless security


Sorry, don't agree.

The way I see it a WLAN is almost as hostile as the Internet


Yup

In short, deal with wireless security for sure, but when you take a break from deciding between WEP, EAP or the latest proprietary security protocol from company Z, please turn off file sharing on your internet facing gateway thank you very much.


Agree, there are other security risks. It would be wrong for someone to concentrate on WLAN over IDS/firewall/whatever. But vice versa! I think that all security is equally important.
I don't think there is a "bigger problem" in security, one should consider them all equally important.

Anyways having said that, I think WLAN security is relatively easy anyways.... at least till you get to VLANs.
Firewall, WEP and access lists are enough for me for WLAN.

Having said all that, I hope this Topic is finished.
:D
20 years 1 month ago #3134 by Chris
Replied by Chris on topic Re: wireless Networking
hmmz_2000,

Wireless LANs and security, as you seem to be aware of, are a BIG topic!

I personally agree that wireless LANs are currently insecure and also believe that they are still too immature to justify a major rollout of them throughout a network, especially if we are talking about a large one!!

In the years to come, expect to see some major changes in WiFi security as the protocols supporting (802.11a,b,g) are constantly revised, and this will continue to happen for a while.

We are planning to tackle the WiFi topic very soon and it's certainly going to be very interesting with all the information we will uncover to help administrators, members and our visitors understand WiFi security and how to protect such networks adequately.

Lastly, I'd like to clear things up - There is no intention to make anyone here feel uncomfortable, so don't take my comment in your previous post personally.
We are one big happy community here and we all strive to help each other learn and understand these complex networking concepts.

As you know, we have a strong and respectful team that always goes out of their way to help everyone else, just like a lot of members do the same in these forums.

I hope you enjoy the site, and become a familiar face around here as there is plenty of room for everyone!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 1 month ago #3135 by hmmz_2000
Replied by hmmz_2000 on topic Re: wireless Networking
no probs!
all cool :)

anyways made a mistake with VLANs ...... I actually meant VPNs ....
20 years 1 month ago #3142 by tfs
Replied by tfs on topic Re: wireless Networking
Darn.

I missed the whole discussion.

Anyway, I agree.

Just kidding.

Anyway, everyone is right - including Sahirh. I don't think you want to get paranoid about the whole issue, but you do need to take precautions.

The biggest problem is that most people set up wifi with 0 (that's zero) security. Wardrivers and warchalkers don't have to get fancy trying to break into a wifi setup that is secure, there are plenty out there that aren't (and it is so easy to set up just the barest of security).

I am not sure about Sahirh's area, but here wifi is big and you could probably drive around most neighborhoods and find one or two. But he is correct about the business environment. They are normally pretty secure buildings - so you can't just go driving around and find an unsecure setup.

What you could do, however, is do a similar thing that Sahirh mentions about walking around and just plugging in to an empty wall connect.

You could just sit outside the office in an empty office or lunch room and connect to an AP inside the office. I was in a lawyer's office just the other day and saw a Linksys AP sitting on someone's desk. Now, if this person didn't have any security on this AP, I could just connect from outside the office (while pretending to wait for someone) and I am inside their network. This is the bane of a network administrator's existence - an employee who just brings in a cheap AP from home and sets it on their desk. There goes all the fancy firewalls you have protecting your network - out the window.

Just my 2 cents worth.

Thanks,

Tom
20 years 1 month ago #3144 by sahirh
Replied by sahirh on topic Re: wireless Networking
Hmmz, no problem mate, I'm not in the habit of taking any of these things to heart -- in fact I hadn't even read your first post, it was edited before I hit this thread.. rest assured you are more than entitled to call me silly and stupid... hehe

Ok now that that stuff is out of the way..
The thrust of my argument was not that wireless security is silly... it's merely that with wi-fi touted as the next big thing, the failure of its security measures really threw it more into the limelight. The insecurity of wireless networks does not come so much from the fact of them being 'wireless' and accessible to an attacker, as from the fact that it was flawed right from the initial design.

The original WEP protocol was a joke -- they figured that using a stream cipher where all users share a common static key (which in most places is never changed) would be secure. Not to mention the initialization vector is a mere 24 bits. It would have been easy for them to sort all this out by using a block cipher, or a cryptographic checksum instead of the stupid CRC-32 linear algorithm that got thrown in..

However the biggest issue came about when the FMS attack (which btw is targeted at RC4, the underlying encryption algo) came round.. you basically only require one byte of plaintext and a few million packets and you can derive the key. Since 802.11 packets are encapsulated by 802.2 headers -- which have a constant first byte.. all you need to do is collect the packets to get the key.

In fact this is exactly how tools like Airsnort and WEPcrack work.. ok so then they modified it to incorporate a 104 bit key, and airsnort became ineffective against newer hardware..

Now you have a power void.. and a bunch of contenders to the throne.. you have WPA which provides dynamic keying and key management (thereby reducing the flaw of a static key).. you have 802.1X for authentication.. you have the IEEE's TKIP, which changes keys every hour and the checksum is a crypto algorithm instead of a CRC.. Some people are designing their hardware to support AES.. and I recently read that Cisco is jumping in with their own proprietary protocol..

What's happened here is that you're left with an array of choices.. each of which solves some part of the whole problem.. everyone is struggling to mix this cocktail of protocols and implementations to provide a standard package.. but it's not happened yet (we all know how well standardisation works in the computer industry)..

All this has pushed wi-fi security or I should say insecurity into the limelight.. the insecurity comes not from the wi-fi or radio frequency (RF) layer.. but from the link layer protocols above it ! If you ran WEP over copper cable (lol) it would still be as insecure.. it's got nothing to do with the fact that it runs over air waves.. ultimately if you have new equipment and just follow some basic tips (read my post a while back in the security/firewalls forum), it's easier to lock down Wi-Fi than to lock down a BIND server. I suppose you chaps have more trouble with rogue access points (what does it cost ? around $150 or so ??) something that hasn't cropped up here.

To end this, I'll quote from Firewalls and Internet Security 2nd edition [Cheswick, Bellovin, Rubin]

"it is not clear that the link layer is the right one for security. In a coffeeshop, the security association is terminated by the store: is there any reason to trust the shopkeeper? Perhaps link layer security makes some sense in a home, where you control both the access point and the wireless machines. However, we prefer end-to-end security at the network layer or in the applications."

Now I've been a disciple of these guys since the first book, and I don't think anything could sum it up better.. that said, it goes completely against what I normally say.. that applications will always be insecure so ensure nobody malicious can use them.. but this case is an exception.

To make this post a little bit longer and to try and illustrate what I'm saying through example (since I don't really know if I've got my point across)

Scenario:

HaplessVictim Industries are the worldwide leading manufacturers of potted wax candles. I am Wile.E.Hacker and I want to break into their network so I can ship a consignment of fine candles to my friends Chris Partsenidis and Thomas Scheiderich... HaplessVictim recently installed a wi-fi access point so that their CEO can feel 'with the times' while using his brand new Wi-fi enabled laptop around the office.

A quick bit of reconnaissance gives me the whole dessert tray....

The webserver is IIS 5.0 vulnerable to WebDav; furthermore, they run an online order system which is vulnerable to SQL injection.

The mailserver runs Sendmail and of course hasn't been updated in a while (can you imagine the CEO not being able to read his forwards and email for a day ?) so we have the prescan vulnerability.

The Nameserver is one of my favourite dishes.. good old BIND.. and we have our choice of toppings

The FTP server is Serv-U 5.0.. a "powerful, easy-to-use, award-winning FTP server" created by Rob Beckers (he neglected to mention 'insecure'), it goes well with a portion of MDTM or the site CHMOD vulnerability if you're interested in keeping the calories down.

The Microsoft SQL database server is running on the webserver (gasp), and as usual.. the sa account has a blank password. (Just keep pressing 'next' during the install and you will meet your deadlines).

None of this matters because they have a Big Scary Firewall (tm).. it's Checkpoint.. but it turns out it's not so scary after all.

The Wi-fi implementation is horribly insecure.. in fact I even have the silly 40 bit WEP key.. it's '31337'.. however once I get in using the wireless LAN, to do anything useful I still have to break one of the damn application servers using the same method I would have used before ... so why would I even bother with it ? well I could just sit around crashing their Windows workstations with the ASN.1 exploit ..

But then Chris and Tom would never get their candles would they..
;)

I respect your point of view.. but I hope I've illustrated what I'm talking about here...

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
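
The post above contrasts WEP's linear CRC-32 checksum with a cryptographic checksum. The Python below is an added example, not part of the original thread: it seals a frame WEP-style (RC4 over message plus CRC-32) and then with a keyed HMAC-SHA256 tag, and shows that only the keyed tag rejects a frame altered in transit. The keys, IV and messages are constructed, and the HMAC variant is an illustration rather than TKIP's actual integrity algorithm.

```python
import hashlib
import hmac
import struct
import zlib

# All values below are constructed for this example.
KEY, MAC_KEY, IV = b"\x01\x02\x03\x04\x05", b"separate-mac-key", b"\x00\x00\x01"
MSG, NEW = b"qty=010;item=candle", b"qty=910;item=candle"

def rc4(key, n):  # n bytes of RC4 keystream
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc(m):  # WEP-style unkeyed integrity check value
    return struct.pack("<I", zlib.crc32(m))

def mac(m):  # keyed alternative: HMAC-SHA256 over IV and message
    return hmac.new(MAC_KEY, IV + m, hashlib.sha256).digest()

def seal(msg, tag):
    body = msg + tag(msg)
    return xor(body, rc4(IV + KEY, len(body)))

def unseal(ct, tag, tag_len):
    body = xor(ct, rc4(IV + KEY, len(ct)))
    msg, t = body[:-tag_len], body[-tag_len:]
    return msg if hmac.compare_digest(tag(msg), t) else None

def modify_in_transit(ct, delta, tag_len):
    """Keyless edit: XOR delta into the message, CRC difference into the tag."""
    fix = xor(crc(delta), crc(bytes(len(delta))))
    return xor(ct, delta + fix.ljust(tag_len, b"\x00"))

def received(tag, tag_len):
    """What the receiver accepts after the in-transit edit (None = rejected)."""
    ct = modify_in_transit(seal(MSG, tag), xor(MSG, NEW), tag_len)
    return unseal(ct, tag, tag_len)
```

`received(crc, 4)` returns the altered message because CRC-32 satisfies crc(a ^ b) = crc(a) ^ crc(b) ^ crc(zeros) for equal-length inputs, so the tag can be adjusted without the key; `received(mac, 32)` returns `None`.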
20 years 1 month ago #3145 by tfs
Replied by tfs on topic Re: wireless Networking
And what would I do when my electricity goes out? :lol:

Thanks,

Tom