I was talking to Quyen and Todd, and we came up with a short, easy-to-follow
preliminary wireless security idea. I decided to post this to the group and
see what you guys thought. If you think it's a good idea, maybe we can all
follow it.
Of coure, this is only for people who wish to make their wireless access
points available to everyone at the OMRF.
I don't know how much of this is already implemented, so I could be echoing
someone's already-implemented ideas. I'll call that "delayed synchronicity"
so it sounds better than "duh".
Here's the idea:
- All Wireless Base Stations that are intended for OMRF use have the same
community name, and the community names are set to broadcast (ie not a
"closed network" as several systems call it)
- If we use a WEP password, we all use the same WEP key, and make it easy to
remember (preferably 48-bit, as that seems to be the most common denominator
for all 802.11b wireless cards)
- All base stations have a unique password, preferably totally random and not
easy to remember (example that is somewhat like what we use: a48b9_R). Every
base station would have its password written on a piece of paper taped to the
base station.
Alright, this looks like really bad security. It's not quite so bad as it
seems, and it still meets our requirements for being easy to use. Let me
explain:
First, the community name can be picked up off the wire easily unless we use
some sort of junk broadcaster, so why not broadcast it? We want our users to
be able to find it easily. Also, this makes it to where we can walk across
the OMRF and not have to adapt to the local fiefdom just to get network
access.
Second, if we have a shifting WEP password, many systems will not let you
store multiple WEP passwords for the same community, therefore we'll
constantly be futzing with the thing, and it will be far more likely that
someone will take to posting all the passwords, and we're just back to where
we were.
Also, WEP at the levels that we will have access to (48-bit, if we want to
allow everyone to use the network) is a trivial crack for someone who wants
in (ie is sufficiently bored or interested), so this is mostly for keeping
people out who wander in by accident, or just want to tap in on a lark.
Besides, network-level security should not be our only line of defense.
As for the base stations: what we're really concerned about is someone who
does not have access to the lab getting in and messing with the controls of
our access points. To get the password for the access point, someone would
have to have physical access to the lab and have the desire to learn the
password. As the password is random, it is not something you just look at and
know, hence they would have to intend to break in when they looked at the
password. Not great security, but not awful.
The reason for giving out the password at all is so that others can come in
and fix your access point if it mis-behaves without unplugging it or
resetting it. If your access point is set to run a DHCP server, you will earn
the concern if not the ire of the network boys (understandably). Not that I
know anyone who's done that (cough, cough).
The main system administrators and people who have a good reason to be there
can get physical access to where the AP is at all times. This easily gets
them the ability to manage instead of blow away your access point.
Now, why not use the same password for all APs? We could do that, but then
everyone who ran an AP would have the password for all other APs for ever and
ever. Not to mention we'd have to take precautions about whom to give
passwords to, and anyone who had the password would be responsible for the
entire OMRF.
And it smacks of centralization, and there's really no need for that.
So, that's the idea. Todd, Quyen, any corrections? Anyone else: any
suggestions? Anyone interested in doing this? Any proposed community names,
WEP keys?
Happy to help (or at least cause problems),
Alan
|
