fw: insecure wireless LAN deployment at .edu
jose at biocserver.BIOC.cwru.edu
Wed Jan 23 17:42:40 GMT 2002
forwarded for your information:
Security of wireless networking still an afterthought
By David Rae [23-01-2002] http://www.vnunet.com/News/1128573
Enterasys Networks has rolled out the biggest wireless network in the
education sector but admitted it has yet to perform a thorough security
Ninestiles School in Birmingham is using 38 Enterasys Roamabout R2 access
points to connect its 1,400 pupils and 95 teachers. Each of the access
points connects to an X-Pedition 8000 multilayer switch router. The
network uses the notoriously weak Wired Equivalent Privacy (WEP) protocol
to provide encryption.
Despite the size of the installation, it took Enterasys and consultancy
TCPIP only a week to do the entire integration. However, this did not
include checks on the network's integrity.
"A security test is something Enterasys is going to do for us, and we
don't foresee any problems," said Mike Crowston, IT development officer at
the school. He confirmed the wireless network was already in use and that
the range extended beyond classrooms as teachers had logged onto the
network from their cars. Mark Rollisson, UK channel manager at Enterasys,
said there would be a security audit carried out, and teachers logging in
from the car park was an ongoing management issue that needed to be
addressed. "We can pull back the coverage so that the range doesn't go
beyond classrooms," he said.
When asked when the security audit would take place, Rollisson said, "It
depends on the school and when they have time." However, Rollisson was
quick to point out that although WEP was used, it was only part of the
Paul Munnery, managing director at wireless networking specialist Wireless
CNP, said that many integrators would not do any security testing after an
installation due to time and budget constraints. He went on to say that
security was often overlooked because people did not really know how to
address the problem.
Stefan Michal, vice-president for Enterasys UK & Ireland, said the WLan
would pave the way for new teaching and learning methods.
It's common knowledge that WEP isn't as good as was first made out. The
keys can be grabbed by sniffing packets, which gives a cracker free run of
the network. With that in mind, here are some tips to keep your network as
secure as possible.
- Change the default ESSID and encryption keys
- Put all access points outside the firewall. Treat wireless networks as
- Use higher-level encryption, such IPSec and SSH
- Filter Mac addresses at the AP to allow access only by known clients
- Use secure log-on methods to gain access to the main network
jose nazario jose at cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
More information about the unisog