
Re: Is Dynamic WEP Secure Enough?

Subject: Re: Is Dynamic WEP Secure Enough?
Date: 23 Mar 2005 12:40:31 -0000
In-Reply-To: <BAY23-F17FDF23357CBAAF81FA301874E0@phx.gbl>

All,

Forgive me for my ignorance and please correct me if I am wrong OR if I have 
wrongly understood these/ any of the replies to the Dynamic WEP question.

We have all considered how insecure Wireless is using dynamic WEP in the 
scenario mentioned and I quote - "Due to one of our applications, we will be 
sending a clear strong signal to the parking lot". As also the mail says "Right 
now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate 
SSID" to quote from the mails of Rocko.

My understanding of Dynamic WEP is that, in the case of PEAP or for that matter 
any other form of EAP derived security, there is no single common WEP key that 
is derived and used for all the clients. The point I am trying to lay my stress 
on is "no single common WEP key". In this scenario - if we were to look at this 
organization where we assume, should I say about 100 Wireless clients, then at 
an average of 15 people under each Access Point, this translates to 15 
different keys - one key per person on the same Access Point. Add to this the 
probability of people moving from one Access Point to another at every (say) 
3-hour interval. Add to that the probability that the keys are not all changing 
at a defined point in time - this implies that based on when the user has 
derived the first dynamic key - the key changes at configured intervals. 

To an external user (sitting in the parking lot) this poses 5 levels of 
randomness - 

1.  different users have different keys
2.  different users changing their keys at different points in time 
3.  different users traversing across Access Points and hence changing their 
keys 
4.  The physical security that is existing on the ground that can contribute 
(if not greatly - at least to a reasonable extent) and hence the probability of 
finding out a parking lot hacker 
5.  Add again the probability of this guy getting sufficient numbers of weak 
IVs

Add to this, the number of users that are really sitting down in an area that 
provides a strong signal to the parking lot. Add also "direction finding 
capabilities" - (I am not too sure what this direction finding capability of 
the Access Point is, but based on context I guess it is something that deals 
with improving security). 

SHOULD WE STILL BE AS PARANOID AS THESE MAILS SOUND OR CAN WE RELAX A BIT? 

Of course I would also like to add that we have not looked at whether this is a 
scenario where we have a Patch Antenna/ Parabolic Antenna that transmits 
signals in a defined direction - in this scenario there is a possibility of the 
replies above being used as an effective hack.

Moreover, most Organizations that have this level of consideration for security 
should be having some form of IDS/ IPS - NIDS/ HIDS - wouldn't these have 
detected/ alarmed the Admin in some way or the other if he is on the LAN/ some 
Server/ workstation?

Technically, if we were to sit down in front of a box, it will crack after 
some time, but realistically in the scenario - is this possible? I guess this is 
the outlook that we should take when we discuss such problems. Moreover, 
this immediately puts a doubt in the mind of the person about PEAP and EAP 
related security measures or for that matter any solution when thought of from 
this angle.

I WOULD LIKE TO KNOW THE COMMUNITY'S VIEW IN THIS SCENARIO. 

Rgds,
Shankar






So if I follow the thread, WEP is OK ... j/k.

Upon further digging with my staff, we have very few wireless devices even 
on that network.  Therefore scrapping them won't hurt as much as I thought.
Mr. Martin's last post does raise a question; how fast can you rotate keys?  
Why not every 3 minutes?  I assume overhead would be a problem.

Lastly, my preferred solution is Trapeze Networks.  Their system seems very 
slick with the multiple security systems I need.  The next closest was 
Extreme Networks, but they don't seem to be as advanced.  Plus we have all 
their switches and the APs are the same fruity purple.  The question is, has 
anybody had any experience with Trapeze (good or bad)? They seem to be a newer 
company.  Any intel would be awesome.

Thanks

Rocko



From: Kelly Martin <kel@securityfocus.com>
To: Jon Smith <like2hax@hotmail.com>,security-basics@securityfocus.com
Subject: Re: Is Dynamic WEP Secure Enough?
Date: Mon, 21 Mar 2005 16:53:24 -0700

No, WEP can be cracked in less than ten minutes (even on a network without 
much traffic - a hacker can stimulate his own traffic). Rotating keys just 
isn't enough to cover the weaknesses, unless you want to rotate keys every 
three minutes. :) Personally I think WPA is the only way to go, or else you 
might as well keep the network open and turn WEP off entirely.

We published the following articles by Michael Ossmann on SecurityFocus 
recently:

WEP: Dead Again, Part 1  http://www.securityfocus.com/infocus/1814
WEP: Dead Again, Part 2  http://www.securityfocus.com/infocus/1824

Regards,

Kelly Martin
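
An added example, not part of any post in this thread: a small model of the key-rotation question raised above, showing how quickly WEP's 24-bit IV repeats under a single per-station key. It measures IV (keystream) reuse only, not the time needed to recover a key; the station names and frame rates are constructed, and the random and sequential IV policies are both assumptions, since implementations differ in how they pick IVs.

```python
import math

IV_SPACE = 2 ** 24  # WEP sends a 24-bit IV, in clear, with every frame


def iv_collision_probability(frames, iv_space=IV_SPACE):
    """Birthday approximation: chance that two of `frames` random IVs match."""
    if frames > iv_space:
        return 1.0  # pigeonhole: reuse under this key is certain
    return -math.expm1(-frames * (frames - 1) / (2 * iv_space))


def frames_before_risk(max_probability, iv_space=IV_SPACE):
    """Largest frame count per key with collision chance <= max_probability.

    Requires 0 <= max_probability < 1.
    """
    k = -2 * iv_space * math.log1p(-max_probability)  # solve n(n-1) = k
    return int((1 + math.sqrt(1 + 4 * k)) / 2)


def max_rekey_interval_seconds(frames_per_second, max_probability):
    """Longest rotation interval that keeps random-IV reuse under the bound."""
    return frames_before_risk(max_probability) / frames_per_second


def sequential_wrap_seconds(frames_per_second):
    """Time until a counter-style IV wraps and starts repeating."""
    return IV_SPACE / frames_per_second


def assess(stations, rekey_seconds):
    """Per-station IV-reuse probability for one rotation interval.

    Each station has its own dynamic key, so only its own frames count.
    """
    return {name: iv_collision_probability(int(fps * rekey_seconds))
            for name, fps in stations.items()}


# Constructed sample: frames per second sent by two hypothetical stations.
STATIONS = {"laptop-a": 200, "handheld-b": 5}

if __name__ == "__main__":
    for interval in (180, 3 * 3600):  # three minutes vs. three hours
        print(interval, assess(STATIONS, interval))
    print("frames for 50% reuse:", frames_before_risk(0.5))
    print("counter wrap at 200 fps (s):", sequential_wrap_seconds(200))
```
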




