National Webcast Initiative
Wireless Security
Wire-Free Does Not Always Mean Risk-Free!
Wednesday, July 20, 2005
Question and Answer Transcript
Question: Is Access Point the same
as a Wireless Router?
Answer: Yes, commercial Access Points are also
wireless routers.
Question: What is OFDM vs. DSSS?
Answer: OFDM is an acronym for Orthogonal Frequency
Division Multiplexing, an FDM modulation technique for transmitting large
amounts of digital data over a radio wave. OFDM works by splitting the radio
signal into multiple smaller sub-signals that are then transmitted simultaneously
at different frequencies to the receiver. DSSS is an acronym for Direct-Sequence
Spread Spectrum. DSSS is one of two types of spread spectrum radio, the other
being frequency-hopping spread spectrum.
Question: What is the cost of Wireless
Philadelphia? Can companies use this? What kind of bandwidth (backbone) are
we talking about? Will each connection be throttled?
Answer: What is the cost of Wireless Philadelphia?
It is estimated that this type of wireless mesh network can be deployed for
approximately $60,000 per square mile. For the City of Philadelphia with approximately
135 square miles of land area, wireless access could be provided to the entire
city for $7.0 to $10.0 million.
Please visit http://www.phila.gov/wireless/faqs.html for
more information on Philadelphia Wireless.
Question: Has New York State provided
broad guidance as to a range limit that can be a best practice?
Answer: At this time, NYS has not yet sent out
any hard guidelines.
Question: Why don't most of the Access Points allow
one to change administrator user to another name?
Answer: Most Access Points are end user home products
and they are designed for ease of use more than they are designed for security.
Question: What recourse would an individual have
if a commercial entity saturated the unlicensed spectrum making a home Wi-Fi
network impossible?
Answer: Since the spectrum is unlicensed, there
is no other recourse other than negotiation between the parties. There are
different technologies, different channels, different power capabilities,
etc.
Question: Isn't locking down access using MAC address
control pointless since MAC addresses can be spoofed?
Answer: MAC address filtering is adding another
level of security to your Access Point. It is not a definite solution.
Question: Are not wireless routers able to be reset,
and are therefore vulnerable to being reset by a hacker?
Answer: Most can only be reset locally (i.e., with
physical access to the device). But this is an important concern to be aware
of.
Question: What is the difference between EAP-TLS
and EAP-TTLS?
Answer: EAP-TTLS is an extension of EAP-TLS which
provides for certificate-based, mutual authentication of the client and network.
Unlike EAP-TLS, however, EAP-TTLS requires only server-side certificates,
eliminating the need to configure certificates for each WLAN client. In addition,
it supports legacy password protocols, so you can deploy it against your
existing authentication system (such as tokens or Active Directories). It
securely tunnels client authentication within TLS records, ensuring that
the user remains anonymous to eavesdroppers on the wireless link and the
entire network to the RADIUS server.
Question: When do you think Wi-Fi will be secure
enough to use safely?
Answer: Wi-Fi can be made secure if a user understands
the system and takes the recommended precautions such as using WPA, SSL etc.
Question: What is 802.16a?
Answer: 802.16a is a standard for Fixed Broadband
Wireless Access.
Question: Is 802.16a "wi-max"?
Answer: Yes. It is the standard for fixed broadband
wireless access.
Question: How can you prevent MAC address spoofing?
I thought the addresses were burned into the hardware? Can you prevent LAA
from being used?
Answer: Many modern OSes let you set the
MAC address on your Network Interface Card (NIC). However, limiting MAC addresses,
turning on encryption, and setting firewall rules on your AP can definitely
lock things down to the point that an attack is impractical.
Question: Are the security issues any different
when using a wireless cell card?
Answer: Cellular data connections are not as susceptible
to malicious sniffing programs as Wi-Fi or even wired Ethernet connections.
Although you can be reasonably sure that the person sitting next to you in
a café isn't sniffing your cell communications, we can't say the same
for someone on the network between your cellular carrier and the Web server
you're trying to get to. So, unless you trust everyone on the networks in
between, you should follow the same common sense guidelines that you would
on any public network:
• Use a VPN if you need to connect to any sensitive resources at your workplace.
• Use secure versions of Web pages when signing into Web-based email, e-commerce
sites, or anything sensitive.
• If you have to log into a machine remotely, use secure tools such as SSH,
OpenSSH, or PuTTY instead of telnet and FTP.
The same steps to lock down the device, the network connection and the data flowing on that connection should be accomplished, no matter what wireless network you are on.
Question: How can an organization promote
and receive approval on a policy requiring passwords on BlackBerrys
and phones?
Answer: You can use a business perspective approach.
If not, try to leverage audit or regulatory compliance requirements.
Question: What is the biggest barrier for IT adoption
of wireless networks?
Answer: Wireless is still reasonably new and its
adoption means more support and more work for IT staff, which can be considered
to be the biggest barrier.
Question: Is it illegal to use someone else’s
access point?
Answer: It is an open question of law and may be
dependent upon State statutes. The MS-ISAC recommends that individuals use
all due diligence NOT to use someone else’s access point to avoid both
the potential misuse of someone else’s network as well as a potential
reduction in their capacity.
Question: What's the difference between 11g and
11i?
Answer: 802.11g is a protocol for wireless connectivity,
providing speeds up to 54Mbps. 802.11i is a security standard for wireless
networks.
Question: Are firmware upgrades available for existing
802.11g devices to make 802.11i capable?
Answered Privately: None that we are aware of.
Question: How do we merge authorized access Wi-Fi
with open access Wi-Fi within the same space?
Answer: It depends -- from a policy perspective,
if you're all under the same authority (e.g. UT System), try pushing for
a wireless airspace policy. From a technical perspective, make sure there's
no channel interference.
Question: How can I tell on my laptop that I am
connected to a middleman?
Answer: The first step is to make sure that the
name of the Access Point is correct. The second step would be to make sure
that the MAC address of the Access Point is the same. The only way to be
really sure would be to have some type of VPN authentication with your AP
so that no one could possibly act as a man in the middle.
Question: Will using encryption, WEP or WPA, impact
my performance/response time?
Answer: It will impact performance, but it should
not be overly noticeable to the end user.
Question: Where can I find a best practice resource
on how to securely set up a wireless network?
Answer: There are a number of resources, including
a guide from CERT available here: http://www.us-cert.gov/cas/tips/ST05-003.html.
In addition, please refer to guides from your ISP, IT support, and hardware
vendors.
Question: How much data (mb) needs to be captured
(sniffed) to break a 128-bit WEP key and about how long does it take?
Answer: Approximately 10mb needs to be captured
and it would take about 4 hours on a high traffic Access Point.
Question: If one were to purchase Wi-Fi equipment
in the near future, what .11 should one look for?
Answer: .11g is recommended – but it depends
on your needs.
Question: What vulnerabilities/solutions
may be associated with using "over-the-air" updating of a fleet
of cell phones?
Answer: There are no known vulnerabilities for
over the air at this time.
Question: How do you verify that you
are connecting to the "real" network and not the "man in the middle" network?
Answer: The only way to know if you are on the
proper network is to ask the network owner if they see you on their network.
First and foremost, ensure you are connecting to an "infrastructure
network", not an "ad hoc" or "Computer-to-Computer" network.
Next, make sure the name and security settings of the network you are connecting
to correspond with the correct network that you are trying to use. Most shops
have a flyer or pamphlet that provides this information to customers. Finally,
if the system is asking for personal information when it is supposed to be "free," do
not put your information in. Do not bank online or do anything that would
compromise your identity on a public hotspot. Make sure your computer is
safe (firewalls, anti-virus, anti-spam, anti-spyware are all up to date,
etc.).
Question: With 802.11g - is 500 meters realistic?
What would the requirements be to get such a range?
Answer: While Wi-Fi devices can talk to one another
within about 300 feet, 802.11g's range is about 10 percent less. To compensate
for the shorter range, a company seeking to upgrade may have to buy more
802.11g network access points than the Wi-Fi points it is replacing. In addition,
range is a function of the type of network, the environment it is in and
the peripherals of both the network and the client. As mentioned above, you
can now "daisy-chain" wireless network devices together
to provide even further coverage without stringing more network cabling.
