Re: Wireless LAN's

From: Jared Mauch (jared@puck.nether.net)
Date: Thu Nov 09 2000 - 10:07:43 EST


On Thu, Nov 09, 2000 at 09:52:53AM -0500, jason lewis wrote:
> Anyone have any websites that have good technical info about wireless LAN's
> and wireless security?
>
> How about answering this......
>
> What is the performance degradation on Wireless LAN Access Points when an
> ACL for MACs is in use, especially for large client populations? I know the
> Cisco stuff runs IOS, so is it similar to the performance of a router? What
> models?

        This is a rough draft of something that I began writing
last week, but this is something to think about if you operate
a wireless network in your house or if one is present in your office.

--- snip ---

Subject: 802.11b networks

        While driving around the bay area, I noticed that quite a number
of large companies have moved to doing some 802.11b networks (Probally
in order to alleviate wiring, and provide more mobility for employees).

        Most wireless networks support WEP (Wireless Encryption Protocol),
but the distribution of the fixed keys makes this somewhat of a managment
issue, and causes some people who have IT staff that are lacking
in the clue department, or non-responsive in most environments to
improperly deploy such technology.

        If the WEP is not enabled on the network, you can and do find
various access-points that are in the air. Lucent (amongst other vendors)
have antennas that can extend the range on this equipment also, providing
even more network range (and insecurity).

        Now, while I would not encourage people to go around randomly
driving by technology companies attempting to get 802.11b signal, this
does provide a bit of a network risk as some locations do have sensitive
information that may be kept within their "secure" networks, that they
are inadvertently broadcasting to the world.

        This is particularly important in office buildings where more
than one company is located, or in MDU (multi dwelling units) where
someone may have a T1/DSL/Cable Modem and is using some sort of
wireless access point, or be dialed up providing DHCP/NAT (ala the
Apple product).

        Most of the access points that I have had experience with
seem to not bridge non-broadcast ethernet traffic to the wireless
network, which is a good thing(tm), but you can infer the network
range on the wire by the arp requests that can be seen. (This is
an obvious advantage to the 915Mhz wavelan technology which operates
in a more promiscious mode).

        There are a number of things that can be done to secure
such wireless access points. The Apple product can be configured to
limit based on mac-address, which would require users to perform a
one-time registration of their pcmcia card with whomever operates
the wireless network. This provides security to prevent people from
registering with the access point and then using dhcp to obtain an ip
address from the inside of a corporate network. If dhcp is not available,
someone may also watch the arp requests on a network, and abstract what host
on the network is the router (This can usually be done by watching what IP
or IPs are the most commonly arp'ed for). This can be prevented by verifying
the mac address that is issuing the dhcp request against an internal
list of mac addresses on both the wired and wireless networks.

        Quite obviously, this type of security breach is a concern for
companies, because it makes it possible to obtain information out of
the air, instead of physically breaking in, or gaining unauthorized network
access via the internet or some other connection media.

        This also brings into key play a few important aspects:

        The wireless encryption supported inside the USA tends to be 56 or
128 bit. A modern computer could be used to take a data stream in
the air, and write it to disk, then try various keys to decode the data.

        It would not be dificult to try each of the 56 bit patterns on
data that is stored, and would require little effort to break the key
that would unlock the wireless network security. There are
72,057,594,037,927,936 combinations are available for 56 bit encryption.
Assuming a moderate speed of 1M keys tried per second to decode data,
and performing a validation of looking for valid IP packet headers,
one can identify decoded data rather quickly. If you also
only try valid printable ascii keys for the encryption, one can
also increase the search time for a valid key to unlock the data.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:20 EDT