[ale] Wireless access and WEP

Bob Toxen bob at verysecurelinux.com
Sun Feb 29 18:01:52 EST 2004 

On Sun, Feb 29, 2004 at 01:32:19PM -0500, Trey Sizemore wrote:
> I understand that WEP is not the end all/be all when it comes to 
> securing a wireless internet connection, but wondered what I can do.  I 
> have a Netgear 802.11g wireless router to which I have my desktop 
> physically connected, but wanted to have a WAP for my Dell notebook with 
> Centrino.
Wired Equivalent Privacy (WEP) is a Trademarked name, not a true statement
as to its security level.  Even the lying sleazebags (in my opinion)
who own the trademark say on their web site that if you want good security
use a VPN on top of it, such as IPSec.

The U.S. Federal Gov't's NIPC notes:

     Successful exploitation of the vulnerability [in WEP] has been
     simplified to getting within range to intercept the broadcast.

(Real World Linux Securty, Second Edition p153-155.)

> What is the best way to set up the system to provide the best possible 
> security setup.  If anyone has Netgear, I'd like to know how you have 
> yours setup (WEP, limit by MAC address, etc.).
Limiting my MAC address also is almost worthless as WEP sends MAC addresses
in clear text.  Thus, an attacker can take over an existing system's
MAC address and simply crash the legitimate system to get it out of
the way -- if it is Windows.

> Thanks.

Best regards,

Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
bob at verysecurelinux.com (e-mail)

My recent talks on Linux security include:

-> at Southeast Cybercrime Summit in Atlanta             on Mar. 2-5 2004
-> at the FBI's Atlanta headquarters                     on Mar.  10 2004
   at IBM's Linux Competency Center in New York City     on Mar.  06 last year
   at the Atlanta SecureWorld Expo in Atlanta            on May   22 last year
   at the Enterprise Linux Forum in Silicon Valley       on June  04 last year
   at Computer Associates' Atlanta Linux Security Summit on Sep.  16 last year

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
Quality Linux, UNIX and network security and software consulting since 1990.

More information about the Ale mailing list