Hi Nico,
Thanks for the reply. Please know that I didn't mean to lay the burden
for perpetuating WEP on you. It's just a discussion - not an
indictment of you at all. And your points about a complete solution
and layering are well taken.
I think we're gonna have to agree to disagree on number two though.
I've worked in several accounts - mainly SMB - over the years; and
what I've noticed is that once a technology gets installed (and works
satisfactorily) it often takes a stick of dynamite to get it out.
There are still many networks with Novell 3.12 servers, Token-Ring
LAN's, 10Mbps hubs, Open WLANs - and a vast array of other
technologies that should arguably have been replaced for performance,
interoperability, or security reasons - but they are still installed -
and relied on - because they work.
My point is simply that we who work in the security realm must be
careful because facilitating the longevity of flawed security methods
has the potential of far greater negative impact than performance or
interoperability issues IMHO.
Kind Regards,
- Nick
On 5/9/07, Nico Darrow <ndarrow-xAbmtu7NH5/8vmTbguxeSw@xxxxxxxxxxxxxxxx> wrote:
Hey Nick, glad to have you at our HQ ;-P
1) Great question. What we are doing with WEP Cloaking is removing all
the shortcuts available to the attacker and forcing him/her to use the
worst possible case scenario (brute forcing). Hence why we named it
WepCloaking instead of WepShield ;-P
2) I agree to a point in some cases. Big companies can't move as fast as
smaller buisneses and by no means does this extend the hardware refresh
cycle, it allows them to stick to their current timeline and better
prepare for the upgrade. A lot of companies can't afford the forklift
right now. Would they rather wait a few years with their pants down or
invest in an AirDefense that gives them a complete solution and
visibility to make sure everything is where it should be?
Here's the down and dirty of it guys. I'm not a marketing person, I'm a
wifi dork. Too many individuals are focusing on a single feature of our
solution. We are selling a COMPLETE solution. Any security guru worth
his salt will tell you, you need layered security. Wireless security is
no different than wired security. In a good setup, you'd have both
visibilty (IDS), active protection (IPS), trouble shooting tools and a
solid infrastructure.
Here is a Practical example. When you own a house and wish to secure it,
do you just have a lock on the door? If someone breaks in, do you buy a
more expensive lock? Maybe. What I would do, is use motion flood lights,
stronger locks, buy a big ugly dog, an alarm system and then start
looking for a better neighborhood :-P
In a round about way I think I compared myself to an ugly dog, but you
guys get the point :-P
-----Original Message-----
From: nick leachman [mailto:nleachman-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx]
Sent: Wednesday, May 09, 2007 3:31 PM
To: wifisec-o7tR/nIX9Vi1EmJ4MpGYnQC/G2K4zDHf@xxxxxxxxxxxxxxxx
Cc: Nico Darrow
Subject: Re: Perpetuating weak wireless security
Hi Nico,
First, it was nice to meet you last week at AD. I've heard much about
you from Jerry - all good no less!
I'm a technical peon compared to those who've weighed in this so far;
and as such I won't even attempt to debate the technical points of
this solution; but I would like to make a couple of general points:
1) This solution appears to be "security through obscurity" - a term
borrowed from a SANS instructor if I remember correctly - and that
leaves me feeling uneasy about it. Is this truly the case - are you in
essence burying a molecule of water in a puddle and hoping it's not
found?
2) What bothers me more is that solutions of this type provides a
means to extend the life of a known weak security method. Argue what
you will about bridging the gap to allow companies to make it to their
next hardware refresh cycle (in order to discard WEP); but we know
that what will actually happen in many cases is that this type of
solution will instead provide a means to delay the normal refresh
cycle - thereby extending the life of WEP in this case. If it is
"perceived" that the king now has clothes, where's the incentive to
change? (And no, I'm not a hardware vendor :-)
I understand that it's a double-edged sword - providing a means to
better secure a poor implementation that might not otherwise be
secured at all vs. running the risk of extending the life of this same
poor technology.
- Nick
Nick Leachman
GSEC GCIH
--
"The Lord bless you and keep you;
the Lord make His face to shine upon you,
and be gracious to you;
the Lord lift up His countenance upon you,
and give you peace."
Num. 6:24-26
