Security concerns with 802.11g

Can anyone tell me anything about the security
in the new standard 802.11g?

What is difference regarding security
between 802.11g and its predecessors
802.11a & 802.11b?

Been searching the net for hours without
any luck at all

-S-

lots of info here:

http://www.wifialliance.org

jtm

"WiFi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
Can anyone tell me anything about the security
in the new standard 802.11g?

What is difference regarding security
between 802.11g and its predecessors
802.11a & 802.11b?

Been searching the net for hours without
any luck at all

-S-

The key is whether the router uses WEP - which is not very secure - or
PA - which we are told IS secure.

--
Bob Alston

bobalston9 AT aol DOT com
"WiFi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Can anyone tell me anything about the security
> in the new standard 802.11g?
>
> What is difference regarding security
> between 802.11g and its predecessors
> 802.11a & 802.11b?
>
> Been searching the net for hours without
> any luck at all
>
> -S-

What's PA? Or do you mean WPA?

"Bob Alston" <(E-Mail Removed)> wrote in message
news:82fjb.70922$Ms2.53251@fed1read03...
> The key is whether the router uses WEP - which is not very secure - or
> PA - which we are told IS secure.
>
> --
> Bob Alston
>
> bobalston9 AT aol DOT com
> "WiFi" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) m...
> > Can anyone tell me anything about the security
> > in the new standard 802.11g?
> >
> > What is difference regarding security
> > between 802.11g and its predecessors
> > 802.11a & 802.11b?
> >
> > Been searching the net for hours without
> > any luck at all
> >
> > -S-
>
>

actually the issue so far in my experience has been whether the wpa feature
is sufficiently interoperable to be useful.

not having much luck so far...

jtm
"Bob Alston" <(E-Mail Removed)> wrote in message
news:82fjb.70922$Ms2.53251@fed1read03...
The key is whether the router uses WEP - which is not very secure - or
PA - which we are told IS secure.

--
Bob Alston

bobalston9 AT aol DOT com
"WiFi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Can anyone tell me anything about the security
> in the new standard 802.11g?
>
> What is difference regarding security
> between 802.11g and its predecessors
> 802.11a & 802.11b?
>
> Been searching the net for hours without
> any luck at all
>
> -S-

"WiFi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Can anyone tell me anything about the security
> in the new standard 802.11g?
>
> What is difference regarding security
> between 802.11g and its predecessors
> 802.11a & 802.11b?
>
> Been searching the net for hours without
> any luck at all
>

With wireless, the signal is going everywhere so anyone can recieve it. So
the question becomes how secure is the transmiission. WEP and other
encryption techniques exist but weakness also exist.

With WEP, weak IV filtering is essential. Not all chip sets support weak IV
filtering. To find out if they do, email the vendor support specifing the
cards and devices your planning on using. Weak IV filtering is chipset
dependant, so a particular vendor might have devices that do and do not
filter out weak IVs. Weak IVs in the WEP can be used to crack 40, 64, 128
and higher WEP keys just by sampling the weak IVs.

It is impossible to secure wireless anything from a denial of service. Take
a 11b/g setup and bring a 2.4GHz phone near by and it will show how to lower
or disable the wireless from working. It would be trivial to produce a
simple jamming device for wireless with about $10 (or less) of select Radio
Shack parts and some wire.

But if the DoS is not an issue, and eaves dropping is. And security needs
to be high, and you must use wireless do the following:

- read the docs and enable all security features including but not limited
to:
- enable WEP at the most bits possible
- enable MAC address filtering
- disable SID broadcasts
- buy only equipment that supports weak IV filtering. If the vendor does
not claim it in writting for a specific product it is likely they do not
filter out weak IVs. Although most newer chip sets tend to filter.
- consider using a more tried and true solution by connecting the wireless
to a VPN concentrator. That is to use VPN over the wireless and do not
permit non-authenticated non-vpn traffic.
- apply vendor patches to the wireless access points and the clients on a
regular basis.

Wireless, with enough attention to detail can be difficult to crack. A
system well patched, properly configured and designed with weak IV
filtering, 128 bit WEP and VPN using SSL/TLS for the sessions can be about
impossible as it comes to being able to hack into. In fact, it could be
more secure than the local wired LAN.

Dave
------------------------
Do not reply to email in headers of this message as it is bogus to foil spam
bots.
Remove the dashes and spaces in the address below.
d--a-v e-@unix home-. net

On 15 Oct 2003 09:33:16 -0700, (E-Mail Removed) (WiFi) wrote:

>Can anyone tell me anything about the security
>in the new standard 802.11g?
>
>What is difference regarding security
>between 802.11g and its predecessors
>802.11a & 802.11b?
>
>Been searching the net for hours without
>any luck at all
>
>-S-


Basiclly WEP isnt very good. That is about it. Read up about WEP and
its flaws if you want to know more information.

Thanks for all the answers!

Sorry, I wasn't clear enough regarding
my question.

Yes, I'm fully aware of the tragic tales of WEP.
And, I might add, none of the methods recommeded above/below
is regarded as "good" security.

My experience with WEP is not to use it.
Instead use

-802.1X/EAP
-VPNs preferrable Ipsec

The trouble with 802.1X is that the standard was
proven not to be secure by Maryland University in 2002.
However, most of the vendors have solved the Maryland
attacks by proprietary solutions, leaving security in
the hands of the vendors. No interoperability in practic.

Now for my real question.
Has the new standard 802.11g any new additional
security measures?
Or is it still using WEP or is
it using WPA?
Or something else?

Any links about the security of 802.11g or 802.11i, preferrably
updated links. I've found a ton of links regarding
the "upcoming" standard
And that is not too exciting.

Thanks again!

S

Dave:

Nice post:

An addition to your post, would be to mention changing the WEP key
frequently.



>With wireless, the signal is going everywhere so anyone can recieve it. So
the question becomes how secure is the transmiission. WEP and other
encryption techniques exist but weakness also exist.

With WEP, weak IV filtering is essential. Not all chip sets support weak IV
filtering. To find out if they do, email the vendor support specifing the
cards and devices your planning on using. Weak IV filtering is chipset
dependant, so a particular vendor might have devices that do and do not
filter out weak IVs. Weak IVs in the WEP can be used to crack 40, 64, 128
and higher WEP keys just by sampling the weak IVs.

It is impossible to secure wireless anything from a denial of service. Take
a 11b/g setup and bring a 2.4GHz phone near by and it will show how to lower
or disable the wireless from working. It would be trivial to produce a
simple jamming device for wireless with about $10 (or less) of select Radio
Shack parts and some wire.

But if the DoS is not an issue, and eaves dropping is. And security needs
to be high, and you must use wireless do the following:

- read the docs and enable all security features including but not limited
to:
- enable WEP at the most bits possible
- enable MAC address filtering
- disable SID broadcasts
- buy only equipment that supports weak IV filtering. If the vendor does
not claim it in writting for a specific product it is likely they do not
filter out weak IVs. Although most newer chip sets tend to filter.
- consider using a more tried and true solution by connecting the wireless
to a VPN concentrator. That is to use VPN over the wireless and do not
permit non-authenticated non-vpn traffic.
- apply vendor patches to the wireless access points and the clients on a
regular basis.

Wireless, with enough attention to detail can be difficult to crack. A
system well patched, properly configured and designed with weak IV
filtering, 128 bit WEP and VPN using SSL/TLS for the sessions can be about
impossible as it comes to being able to hack into. In fact, it could be
more secure than the local wired LAN.