NASA uses OpenBSD; overcomes 802.11b security flaws
The network security group in the NASA Advanced Supercomputing (NAS) Division at Ames Research Center, in California's Silicon Valley uses OpenBSD and other open source software for its wireless firewall gateway implementation. They successfully installed a secure interoperable wireless network addressing the well-known problems of the 802.11b standard wireless systems.
The NAS security group believed that the wireless network
provided provide no substantial security protection in any of three
important respects:
- Wireless card hardware addresses cannot be trusted as tools to identify
a user; - The signal coverage perimeter cannot be easily
limited to conform to an organization's physical control perimeter; - Wired Equivalent Privacy (WEP) encryption of data sent
between a laptop and an access point can be cracked, regardless of key
length. - Deriving a WEP encryption key from
eavesdropped ciphertext and a method for decrypting WEP traffic without
ever needing to derive the key are well documented.
All 802.11b security features were
disabled, because they consume resources without delivering any real security.
All the services reached via the wireless network without authentication provide their
own authentication and encryption. The NAS division uses OpenBSD, Apache
httpd, ISC's DHCP, and IPF firewall software.
More information about the Wireless Firewall Gateway implementation
is available
here.
Read
the announcement at the NAS webpage.