Re: Wireless insecurity at NANOG meetings
In message <Pine.GSO.4.40.0209211957580.21971-100000@clifden.donelan.com>, Sean Donelan writes:
On Sat, 21 Sep 2002, Martin J. Levy wrote:
I agre security is sadly lacking, but it is probably impossible to implement in a conference environment.
Look this is a very simple issue. Sean's first post really pointed out that it's "bad form" for a set of operators to run an insecure network. I would believe that it's "good form" to at least try. It was stated that the network was not run by the "operators". OK, I accept that, but it's run by people with great (actually fantastic) connections to real operators (ie: us).
I feel like a Rorschach Test.
Is the Nanog confernce network really insecure for its purpose?
This is the real question -- what are you trying to protect? Apart from its (many) other problems, WEP is useful for protecting a single hop at layer 2. It does not protect against attacks at higher layers. (That's true of virtually all security mechanisms, I might add -- and I say "virtually" because I don't really trust my reasoning at at an hour when I really should be asleep, but I think that "all" is correct.) Apart from the problem of attacks from the Internet -- surely we don't want NANOG to run a firewall for us -- there are easy attacks that can bypass WEP. For example, someone could use ARP-spoofing to launch an active attack on even non-sensitive Web traffic. Btw -- that has happened on the wireless network at at least two conferences I've been to in the last few years. And no, these weren't black hat or grey hat conferences. If it weren't for the cryptanalytic attack on RC4 -- the one attack on WEP that wasn't foreseeable -- and if it had been done properly in other respects (i.e, if it had per-user keying, key management, and no "IV" collisions), WEP could provide access control. We could even imagine an AES-based WEP with key management, etc. -- and *all* it would buy us is access control. Is that worth it for NANOG? Again, what are you trying to protect? Is access to the conference net a resource that needs to be protected? Maybe it is, if you're concerned about drive-by spammers. But there's another resource, and that's the reputation of NANOG, or at least of its members, as folk who know how to run a network. Wide-open 802.11 networks are often a bad idea, precisely because access is a resource that needs to be protected. Beyond that, there's sometimes a "good neighbor" issue -- you don't want to accidentally attract folks who want to be on some local net of their own. Maybe a closed net is reasonable for that purpose -- but that's about it. If you want to protect yourself, make sure that your software is fully patched, you expose as few services as possible to the outside, and that you don't send anything unencrypted if it's at all sensitive if intercepted or modified. Beyond that, make sure that you're lucky, because new holes can be found at any time. Note, btw, that I didn't say "do that at conferences", or "do that for 802.11 hosts".... --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
participants (1)
-
Steven M. Bellovin