RE: Perpetuating weak wireless security

Hey Nick, glad to have you at our HQ ;-P

1) Great question. What we are doing with WEP Cloaking is removing all
the shortcuts available to the attacker and forcing him/her to use the
worst possible case scenario (brute forcing). Hence why we named it
WepCloaking instead of WepShield ;-P

2) I agree to a point in some cases. Big companies can't move as fast as
smaller buisneses and by no means does this extend the hardware refresh
cycle, it allows them to stick to their current timeline and better
prepare for the upgrade. A lot of companies can't afford the forklift
right now. Would they rather wait a few years with their pants down or
invest in an AirDefense that gives them a complete solution and
visibility to make sure everything is where it should be?

Here's the down and dirty of it guys. I'm not a marketing person, I'm a
wifi dork. Too many individuals are focusing on a single feature of our
solution. We are selling a COMPLETE solution. Any security guru worth
his salt will tell you, you need layered security. Wireless security is
no different than wired security. In a good setup, you'd have both
visibilty (IDS), active protection (IPS), trouble shooting tools and a
solid infrastructure.

Here is a Practical example. When you own a house and wish to secure it,
do you just have a lock on the door? If someone breaks in, do you buy a
more expensive lock? Maybe. What I would do, is use motion flood lights,
stronger locks, buy a big ugly dog, an alarm system and then start
looking for a better neighborhood :-P 

In a round about way I think I compared myself to an ugly dog, but you
guys get the point :-P 




-----Original Message-----
From: nick leachman [mailto:nleachman-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx] 
Sent: Wednesday, May 09, 2007 3:31 PM
To: wifisec-o7tR/nIX9Vi1EmJ4MpGYnQC/G2K4zDHf@xxxxxxxxxxxxxxxx
Cc: Nico Darrow
Subject: Re: Perpetuating weak wireless security

Hi Nico,

First, it was nice to meet you last week at AD. I've heard much about
you from Jerry - all good no less!

I'm a technical peon compared to those who've weighed in this so far;
and as such I won't even attempt to debate the technical points of
this solution; but I would like to make a couple of general points:

1) This solution appears to be "security through obscurity" - a term
borrowed from a SANS instructor if I remember correctly - and that
leaves me feeling uneasy about it. Is this truly the case - are you in
essence burying a molecule of water in a puddle and hoping it's not
found?

2) What bothers me more is that solutions of this type provides a
means to extend the life of a known weak security method. Argue what
you will about bridging the gap to allow companies to make it to their
next hardware refresh cycle (in order to discard WEP); but we know
that what will actually happen in many cases is that this type of
solution will instead provide a means to delay the normal refresh
cycle - thereby extending the life of WEP in this case. If it is
"perceived" that the king now has clothes, where's the incentive to
change? (And no, I'm not a hardware vendor :-)

I understand that it's a double-edged sword - providing a means to
better secure a poor implementation that might not otherwise be
secured at all vs. running the risk of extending the life of this same
poor technology.

- Nick

Nick Leachman
GSEC GCIH