While reading the August issue of Information Security Magazine today, I came across this piece on wireless lan security. I'm passing it along since it's part of our goal - secure wlans and secure hotspots. I'm hoping to get some preliminary project material out this weekend. Check back soon.
posted by mt at 22:19

O'reillynet has an excellent wireless section. Specifically, look at two articles by Matthew Gast, who authored a good 802.11 book, highly recommened. Seven Security Problems of 802.11 Wireless is a great foundation for this project. A quick list of the topics, which we'll adress here in time:

• Easy access
  
• Rogue access points
  
• Unauthorized use
  
• Constraints
  
• Mac spoofing and session hijacking
  
• Traffic analysis (sniffing)
  
• High level attacks
  

posted by mt at 14:12

Glenn Fleishman of 80211 Networking News referred me to the NoCat site. It's a community supported 802.11b network in Sonoma County California. They have an interesting whitepaper describing NoCatAuth - some of their specifications which include security topics. Worth a peek. It's not quite what I'd like to see here, but it might get the ball rolling. Glenn's site has a lot of news related to the industry - a daily read.
posted by mt at 14:52

And here is a Security Blog post from 08-01 demonstrating why we need to be concerned.

This is what I'm talking about. Yesterday, I pointed out the need for some sort of wi-fi hotspot security standard. Stories like this justify the cause. We have got to come up with something, or people will be too afraid to share the access. Let's get to work people!

The movie pirate lived next door to the subscriber, and was able to access his neighbor's Wi-Fi wireless network to send the movie out over his neighbor's AT&T Broadband high-speed Internet service, according to AT&T Broadband spokeswoman Sara Eder.

Sounds like AT&T was very understanding. Next time, there might not be a happy ending.

posted by mt at 09:31

Below is the original post from the Security Blog which discussed the idea of a wifi security project. Contains some interesting links and initial ideas.

Doc Searls points to Lisa Rein's commentary on wardriving. I'm one of the "security obsessives" he references, but wouldn't say that I smear wi-fi. Actually, it's the opposite - I love it. I have strategic spots all over town where I can pullover, use my Zaurus to grab mail and hit the web.

But here's the problem. Corporate networks cannot risk exposing their innards to the public. And individuals? Maybe. But soon, if not already, someone's kindness will be taken advantage of. They will get their door kicked down by the feds because some sort of nefarious activity originated from their network. It's bound to happen. That's a shame because these wi-fi hotspots are bringing us closer to the dream of blanket, broadband coverage.

How do we solve the problem? I don't really know. If we put our heads together, we can figure it out. Obviously your machines need to be secure. Patches, minimal services, encrypted data et cetera. But the real issue is how to police the activity taking place on a hotspot? A firewall/filter allowing certain types of traffic - maybe. An IDS monitoring outbound traffic - perhaps. Other ideas? Let's get a project/document/blog/site going which explains how to setup a public hotspot while protecting yourself. Send me your thoughts.

posted by mt at 09:28

The goal of this project is to define a set of security standards for people who want to run an open, 802.11 hotspot for community use. I think these hotspots are fantastic and changing the way things work. BUT - people still have to be concerned with security. Sure, 99% of a hotspot's users are benevolent - mail, web surfing, etc. The other 1% is what we're concerned with. That being said, this will be a community driven page which aims to protect hotspot owners and their networks from malicious cracking and legal troubles. We need to work together or this neat little uprising will be squashed by fear.
posted by mt at 22:43

I am getting everything setup - RSS feed and such. Updates tomorrow on the project mission.
posted by mt at 22:32

Welcome to the Wifi Security Project.
posted by mt at 22:13