Wireless insecurity at NANOG meetings
Steven M. Bellovin
smb at research.att.com
Mon Sep 23 08:57:03 UTC 2002

In message <Pine.GSO.4.40.0209211957580.21971-100000 at clifden.donelan.com>, Sean
Donelan writes:
>
>On Sat, 21 Sep 2002, Martin J. Levy wrote:
>> >I agree security is sadly lacking, but it is probably impossible to
>> >implement in a conference environment.
>>
>> Look this is a very simple issue. Sean's first post really pointed out
>> that it's "bad form" for a set of operators to run an insecure network.
>> I would believe that it's "good form" to at least try. It was stated
>> that the network was not run by the "operators". OK, I accept that, but
>> it's run by people with great (actually fantastic) connections to real
>> operators (ie: us).
>
>I feel like a Rorschach Test.
>
>Is the Nanog conference network really insecure for its purpose?
>
This is the real question -- what are you trying to protect?

Apart from its (many) other problems, WEP is useful for protecting
a single hop at layer 2. It does not protect against attacks at higher
layers. (That's true of virtually all security mechanisms, I might add
-- and I say "virtually" because I don't really trust my reasoning at
an hour when I really should be asleep, but I think that "all" is
correct.) Apart from the problem of attacks from the Internet --
surely we don't want NANOG to run a firewall for us -- there are easy
attacks that can bypass WEP. For example, someone could use
ARP-spoofing to launch an active attack on even non-sensitive Web
traffic. Btw -- that has happened on the wireless network at at least
two conferences I've been to in the last few years. And no, these
weren't black hat or grey hat conferences.

If it weren't for the cryptanalytic attack on RC4 -- the one attack on
WEP that wasn't foreseeable -- and if it had been done properly in
other respects (i.e., if it had per-user keying, key management, and no
"IV" collisions), WEP could provide access control. We could even
imagine an AES-based WEP with key management, etc. -- and *all* it
would buy us is access control.

Is that worth it for NANOG? Again, what are you trying to protect? Is
access to the conference net a resource that needs to be protected?
Maybe it is, if you're concerned about drive-by spammers.

But there's another resource, and that's the reputation of NANOG, or at
least of its members, as folk who know how to run a network. Wide-open
802.11 networks are often a bad idea, precisely because access is a
resource that needs to be protected. Beyond that, there's sometimes a
"good neighbor" issue -- you don't want to accidentally attract
folks who want to be on some local net of their own. Maybe a closed
net is reasonable for that purpose -- but that's about it.

If you want to protect yourself, make sure that your software is fully
patched, you expose as few services as possible to the outside, and
that you don't send anything unencrypted if it's at all sensitive if
intercepted or modified. Beyond that, make sure that you're lucky,
because new holes can be found at any time.

Note, btw, that I didn't say "do that at conferences", or "do that for
802.11 hosts"....

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
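
Added example, not part of the original message: the ARP-spoofing case mentioned above is visible to anyone on the segment as a change in which MAC address claims an IP address, whether or not WEP is on. The sketch below flags such changes in a constructed log of ARP observations; the log format, the addresses, and the function names `parse` and `find_conflicts` are assumptions made for the example.

```python
from collections import defaultdict

# Constructed observations (time, sender IP, sender MAC), as a passive
# listener on the shared segment might log them from ARP replies.
# Addresses are from documentation ranges; 192.0.2.1 plays the gateway.
SAMPLE = """\
08:57:03 192.0.2.1 00:00:5e:00:53:01
08:57:10 192.0.2.23 00:00:5e:00:53:17
08:58:41 192.0.2.40 00:00:5e:00:53:2a
09:02:15 192.0.2.1 00:00:5e:00:53:2a
09:02:16 192.0.2.1 00:00:5e:00:53:2a
09:02:20 192.0.2.23 00:00:5e:00:53:17
09:05:00 192.0.2.1 00:00:5e:00:53:01
"""


def parse(text):
    """Yield (time, ip, mac) tuples, rejecting malformed lines."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'time ip mac'")
        ts, ip, mac = fields
        yield ts, ip, mac.lower()


def find_conflicts(observations):
    """Return one alert per change in the MAC claimed for an IP address.

    Each alert is (time, ip, old_mac, new_mac, other_ips), where other_ips
    lists addresses the new MAC had already claimed. A DHCP reassignment
    also changes a mapping, so an alert is a lead to check, not a verdict.
    """
    current = {}                # ip -> MAC most recently seen
    owners = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in observations:
        prev = current.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, ip, prev, mac, sorted(owners[mac] - {ip})))
        current[ip] = mac
        owners[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for ts, ip, old, new, others in find_conflicts(parse(SAMPLE)):
        extra = f" (MAC also claims {', '.join(others)})" if others else ""
        print(f"{ts} {ip}: {old} -> {new}{extra}")
```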