
WLAN users told to encrypt data

posted on September 27, 2001
by hitbsecnews

Business users with 802.11b wireless LANs should encrypt their data, say the grassroots 'freenet' builders. Companies transferring data on 802.11b wireless LANs should treat the systems as they would the Internet and encrypt sensitive network activity rather than rely on the inbuilt security protocols, according to a coordinator behind one of the WLAN community network projects that are springing up in the US and Europe.

Ken Caruso, one of the people behind the SeattleWireless "freenet", made his comments in a wide-ranging email answer to questions from ComputerWire about the ethos and technology behind the project. He offered a commonsense approach to the problems of wireless security.

"My most common response is 'treat it like the Internet.' Putting on a server or client is no different than putting a server or client on the internet, you take the same security measures," Caruso said. "You should encrypt all your sensitive network activity and make sure to not rely on WEP encryption built in to the wireless devices as it is easily crackable. For instance, I firewall my home network from my access point allowing wireless users to get to SeattleWireless and some services on my network - webserver, dns - however, I keep anything that I do not want available blocked behind the firewall. As I said, same as being on the Internet, except in this case you only have to worry about people in your geographical area, on the Internet you have to worry about everyone in the world. A lot of this wireless security hoo-ha came about because companies had people putting up APs [access points] in their corporate LAN, allowing a 'drive-by' person [hacker] to connect to the part of the network that should be protected by the company's firewalls. What they should be doing is putting the AP's outside the firewall and requiring users of the wireless LAN to VPN into the corporate net."

Clearly, the corporate world can learn from what is happening in the grassroots 'freenet' movement. Even though many of the people involved in the 25-odd similar projects worldwide feel little kinship with big business, and some are positively hostile, they are still among the first people to create wireless access networks outdoors, valuable experience that corporate users may come to call on in the future.

"We want to provide a wireless city-wide infrastructure that people can use for whatever they choose," Caruso explained. "We really want to build a network that supports itself with its own content and services so that it can survive without the internet. Some people have made analogies to the old-school BBS systems, and I haven't really decided how I feel about that analogy. We are not saying that people shouldn't use the network to connect to the Internet; we just want to make it clear that we are not an ISP. We want to build local network infrastructure."

Such projects have been facilitated by the falling cost of 802.11b, which has enabled everyday users to think about participating in this kind of project. Other high-profile freenets include SFLan and NYCWireless in the US and Consume.net in the UK.

"SeattleWireless has three classes of 'nodes', backbone nodes - referred to as B Nodes - Client Access Points - referred to as C nodes - and then just plain clients - end users," Caruso explained. "The backbone nodes will route traffic over point-to-point links to various client access nodes. A backbone node can also act as a Client Access Point if it has the proper gear."

Those who just want to be an end user can buy a $150 wireless card for their computer. "For people that want to participate in the building of the network, we are averaging around $600-$1000, but are working really hard to bring down below $500. This is mostly dependent on the cost of 802.11b gear dropping," Caruso said.

Of course, creating a metropolitan LAN with 802.11b involves overcoming one major technical problem, whether you are Cisco Systems or Joe Public. The current specification has a maximum range of 100 meters (300 feet). "There are a couple of things [we can do to get around this]," Caruso explained. "For backbone links we use directional antennas that concentrate the transmitting power of a node so that it can travel farther. With a clear line of sight and directional antennas, you can link to nodes that are 10-20 miles away. As for client access points, if we need to give access to a large area the answer is multiple access points with high gain omni-directional antennas."

The line of sight issue probably means that the systems will be most useful in towns and cities, where antennas can be placed on tall buildings, rather than in rural settings. However, one of the problems that has not really been faced yet is that the technology uses the 2.4GHz unlicensed band and could face interference problems as more WLAN and Bluetooth equipment becomes available and clogs up the airwaves.

ZDNet

Source
