Wireless internet is great. 802.11 a/b/g has become so affordable, everyone is doing it. Heck, I’m posting this blog entry from an 802.11g connection. But, what about security? Now, I’ll say right up front, I am not a security expert my any means. I’m not even a security amateur. So, having said that, take the rest of this post for what it’s worth.
Joe internet user goes down to Best Buy. He buys a wireless access point and a PCMCIA card for his laptop – all for less than $100. He takes it home and plugs it in. After reading the quick start guide (90 seconds) he is now an expert and seamlessly starts cruising his broadband internet connection from his lazyboy. Joe is nobody. He doesn’t have anything people would want to steal, so he isn’t worried. Besides, who goes around connecting to people’s wireless internet connections anyway?
Joe’s friend comes over with his laptop and instantly connects to his connection. He tells Joe he should setup WEP encryption and MAC address authentication. Joe doesn’t know what that means, but lets his friend set it up. Joe now feels invincible. Little does he know that WEP encryption can be cracked in 10 minutes and MAC address spoofing is a matter of running an application.
For Joe user, WEP and MAC address authentication is enough. Unless he has a geek neighbor that is determined not to pay a monthly internet bill, he should be fine. Now, a business is a different story. Now there is customer data, business secrets, and a lot more that needs to be secure. This is why I think that until things change, businesses should have two networks. There is no reason for desktop machines to be wireless. And laptops in meetings? There should be plugs for them to plug in to. Wireless should be reserved for PDAs and laptops that do not need access to the main network. E-mail, checking news, etc.. WEP encryption and MAC address authentication should still be used, but it should not have access to vital information.
It would be nice if you really could secure a wireless connection though. 802.11i is in the works and it is being developed with security in mind. I haven’t read a lot about it, mostly because standards drastically change from where 802.11i is now and where it will be when it is final. I do have my own idea for a secure network though (at least I think it is an original idea).
A company called RSA Security makes a device called a SecurID token. This token has an 8-digit (I think it’s 8) number that changes every minute or two. This is synchronized with software on a server. In order to login to the server, one must have the 8-digit number than is currently the password, again, that changes every minute or two. This way, the password is constantly changing and unless you hold the SecurID token, there is no way to crack the password. It is a very secure form of authentication. My idea is this; have a similar hardware/software setup that changes the WEP key every minute or two. Unless you have a wireless card built by RSA (or whoever develops it) and configured to your network, you will not be able to connect. And, even if you miraculously cracked the WEP key in 60-120 seconds, it will change momentarily after you connect. It would take special hardware and custom software, but I think a company could make a lot of money by offering a product like that. The wireless access point (WAP) would need to be able to change the WEP key seamlessly and fast.
Maybe it isn’t the WEP key that changes, maybe it is another code that must be present to connect and is then checked every 60 seconds. If the code in the wireless card does not match the server/WAP, the machine is disconnected, even if it has a MAC address that is allowed on the network.
Again, I don’t claim to be a security expert and I don’t know all of the products out there. Maybe this isn’t an original idea and there is already a company out there selling this technology. I doubt it, but it’s possible. I just wish I had the knowledge and the resources to carry out this idea. It’s a great idea (I think), but I have no way of doing anything with it.
If anyone reading this knows of any technology similar to what I’m talking about, please e-mail me or post a comment. If you think I’m off the deep end, please e-mail me or post a comment. If you like my idea or have something to add, please e-mail me or post a comment :) I have a real interest in this topic and any links to wireless security articles are greatly appreciated.
Sorry this is so long, but hey, I’m on vacation! What else am I going to do? I’m sitting out in the backyard watching Mikayla play in the sandbox. I like wireless, laptops, and Saturdays!
Subscribe to:
Post Comments (Atom)
3 comments:
The 802.11i standard has been implementented (at least for the most part) over the existing infrastructure. Most access points support it too, more after the jump.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
Very cool! Thanks for the link!
WPA with using PSKs is implemented in alot of cheap consumer hardware right now. However, because it uses Pre-Shared-Keys it can still be broken with a good amount of determination and time (I believe /. had an article on that last week). AFAICT, the best wireless option for a business in WPA with an enterprise password server. It avoids PSKs and keeps the high encryption of WPA.
Post a Comment