Toens Bueker wrote:

> Hi *,
>
> I just read this slashdot story:
>
> http://slashdot.org/articles/01/02/05/1411215.shtml
>
> Here's the details:
>
> http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
>
> Does anybody know anything about what the
> vendors/developers are going to do about this?
>
> By
> Töns

Read it, my answer is why bother. By the way, don't read the SlashDot comments, the people here are totally clueless and don't even talk about the correct stuff.

I've got two main objections to their "attack".

First, WEP is Wired Equivalent Privacy, which means exactly what it does. This is not high security, but just enough to fend off the casual attacker. The attack depends on successfully snooping the network for a minimum of 5 hours (in fact, their maths are wrong, because max throughput is more like 5 Mb/s, and that's assuming full traffic). 5h is not a casual attacker in my book. And you need 15GB of storage and to process this 15GB for each newly received packet. Not a casual attacker in my book.

Then, the bit flipping is quite unrealistic. That would require some pretty sophisticated radio equipment (especially considering the timing requirement, all the multipath effects and that the receiver might use an equaliser or a directive antenna - yuck!).

So, if somebody is willing to spend 5h and 15GB and all the programming complexity to process the data to try to break into your network, I don't think that anything at the sophistication of WEP will stop him. I don't think that brute forcing RC4 will stop him. And I don't think that breaking into your flat and putting clips on your Ethernet cable will stop him either. On the other hand, WEP is enough to discourage your neighbour from trying, especially as the value of your traffic is not much anyway, so why would he bother. Anyway, he probably spends much of his time watching TV.

So, in essence they look at WEP and they say: "Oh, that's not a high security system". Of course, it was never designed to be!
Now, let's talk of the *real* security problem of 802.11, as opposed to the wandering mind of a few academics. And I don't understand how they could miss something so fundamental. The real problem is:

ONE SINGLE STATIC SHARED KEY

I can tell you that this one is the one that prevents our security people from sleeping at night (not the other stuff). If one laptop gets lost, basically the whole security of the network is gone (and we have a few laptops stolen in the building every year). Moreover, people tend to write down the key in a visible place, because otherwise they won't remember it. Ouch. A bit of human engineering, and you will get those darn keys.

Then, as it's a shared network, users can listen to each other, whereas in a switched infrastructure, you get only your traffic on the wire. Of course, you should assume that if it's insecure with WEP, it's also insecure on a shared 10T (unless you can physically control every centimeter of the cable).

Of course, there is only so much you can do at the MAC layer, so I don't expect the MAC layer to get any better security. We are dealing with a connectionless broadcast paradigm anyway. Vendors such as Lucent and Cisco are going for Radius authentication, so you can see that the general tendency is going to be VPN over WLAN (IPsec, PPPoE, SSH, whatever). Why reinvent the wheel at layer 2 when you have good solutions abo