Security Basics mailing list archives

Re: Is Dynamic WEP Secure Enough?


From: Kinnell <kinnell.t () gmail com>
Date: Mon, 28 Mar 2005 12:15:51 -0600

Should an attacker really be afraid of these guards?  I mean with most
"rent-a-cop" people it can be said that they probably don't know
anything about computers, or attacking a target through a wireless
medium.  So if one of these guards actually walks up to a car with
some guy sitting in it would he even know what to look for?  One could
say something about running security checks for the company and show a
fake ID.  In most cases when a pentest is done for a secure company,
like one who pays for roaming guards, no one knows about it; if they
did then the security test would be obsolete since everyone's guard
would be up (different than a normal day).

So anyways, I agree with Vladamir, unless you absolutely need wireless
don't use it.  If you do, then tunnel it and only allow one or two
connections at a time, also only turn on this ability when the user
has specifically asked the Security Admin, in person, and he/she deems
it a good excuse.

-Kinnell


On Wed, 23 Mar 2005 14:35:48 -0500, Vladamir
<wireless.insecurity () gmail com> wrote:
Personally I would be very hesitant about using any form of wireless
media for the potential transmission and receiving of corporate data. I
just don't trust wireless.

If you MUST use wireless, have the user use an IPsec tunnel into the
network in addition to WEP

shankarnarayan.d () netsol co in wrote:
In-Reply-To: <BAY23-F17FDF23357CBAAF81FA301874E0 () phx gbl>

All,

Forgive me for my ignorance and please correct me if I am wrong OR if I have wrongly understood these/ any of the 
replies to the Dynamic WEP question

We have all considered how insecure Wireless is using dynamic WEP in the scenario mentioned and I quote - "Due to 
one of our applications, we will be sending a clear strong signal to the parking lot". As also the mail says "Right 
now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID" to quote from the mails of Rocko.

My understanding of Dynamic WEP is that, in the case of PEAP or for that matter any other form of EAP derived 
security, there is no single common WEP key that is derived and used for all the clients. The point I am trying to 
lay my stress on is "no single common WEP key". In this scenario - if we were to look at this organization where we 
assume, should I say about 100 Wireless clients, then at an average of 15 people under each Access Point, this 
translates to 15 different keys - one key per person on the same Access Point. Add to this the probability of 
people moving from one Access Point to another at every (say) 3hours interval. Add to that the probability that the 
keys are not all changing at a defined point in time - this implies that based on when the user has derived the 
first dynamic key - the key changes at configured intervals.

To an external user (sitting in the parking lot) this poses 5 levels of randomness -

1.  different users have different keys
2.  different users changing their keys at different points in time
3.  different users traversing across Access Points and hence changing their keys
4.  The physical security that is existing on the ground that can contribute (if not greatly - at least to a 
reasonable extent) and hence the probability of finding out a parking lot hacker
5.  Add again the probability of this guy getting sufficient numbers of weak IVs

Add to this, the number of users that are really sitting down in an area that provides a strong signal to the 
parking lot. Add also "direction finding capabilities" - (I am not too sure what this direction finding capability 
of the Access Point is, but based on context I guess it is something that deals with improving security).

SHOULD WE STILL BE AS PARANOID AS THESE MAILS SOUND OR CAN WE RELAX A BIT.

Of course I would also like to add that we have not looked at whether this is a scenario where we have a Patch 
Antenna/ Parabolic Antenna that transmits signals in a defined direction - in this scenario there is a possibility 
of the replies above being used as an effective hack

Moreover, most Organizations that have this level of consideration for security should be having some form of IDS/ 
IPS - NIDS/ HIDS - wouldn't these have detected/ alarmed the Admin in some way or the other if he is on the LAN/ 
some Server/ workstation

Technically, if we were to sit down in front of a box, it will crack after some time, but realistically in the 
scenario - is this possible, I guess this is the outlook that we should take when we discuss on such problems. 
Moreover, this immediately puts a doubt in the mind of the person about PEAP and EAP related security measures or 
for that matter any solution when thought from this point angle

I WOULD LIKE TO KNOW THE COMMUNITY'S VIEW IN THIS SCENARIO.

Rgds,
Shankar






So if I follow the thread, WEP is OK ... j/k.

Upon further digging with my staff, we have very few wireless devices even
on that network.  Therefore scrapping them won't hurt as much as I thought.
Mr. Martin's last post does raise a question; how fast can you rotate keys?
Why not every 3 minutes?  I assume overhead would be a problem.

Lastly, my preferred solution is Trapeze Networks.  Their system seems very
slick with the multiple security systems I need.  The next closest was
Extreme Networks, but they don't seem to be as advanced.  Plus we have all
their switches and the APs are the same fruity purple.  The question is, has
anybody had any experience with Trapeze (good or bad)? They seem to be a newer
company.  Any intel would be awesome.

Thanks

Rocko




From: Kelly Martin <kel () securityfocus com>
To: Jon Smith <like2hax () hotmail com>,security-basics () securityfocus com
Subject: Re: Is Dynamic WEP Secure Enough?
Date: Mon, 21 Mar 2005 16:53:24 -0700

No, WEP can be cracked in less than ten minutes (even on a network without
much traffic - a hacker can stimulate his own traffic). Rotating keys just
isn't enough to cover the weaknesses, unless you want to rotate keys every
three minutes. :) Personally I think WPA is the only way to go, or else you
might as well keep the network open and turn WEP off entirely.

We published the following articles by Michael Ossmann on SecurityFocus
recently:

WEP: Dead Again, Part 1  http://www.securityfocus.com/infocus/1814
WEP: Dead Again, Part 2  http://www.securityfocus.com/infocus/1824

Regards,

Kelly Martin

