From: Lewis G Rosenthal
To: os2-wireless_users@2rosenthals.com
Subject: [OS2Wireless] OS/2 Wireless FAQ
Date: Tue, 21 Dec 2004 23:20:26 -0500

(Just responding in reverse order to the follow-up posts in this thread...)

On 12/21/2004 03:05 pm, Christian Langanke thus wrote:
> Lewis,
>
> great collection of information!
>
Thanks! It's amazing what's gotten stuck between my ears since all of this wireless stuff hit the scene!! :-)

>
> For now I just have some minor points, I have to think about more questions
> later on:
>
> - AFAIK the "24-bit header" of WEP is called the initialization
> vector, which should be a random number for each frame. One of the
> biggest vulnerabilities of the WEP protocol is that many vendors don't
> implement that as a random number, but just count up from zero

Right on both counts, and I will make a note to correct my verbiage concerning the IV.
The main vulnerability of WEP, of course, is the fact that the keys repeat. Sniff enough packets over a long enough period of time (the busier the WLAN, the shorter the necessary time), and one can easily discern the keys being used.

>
> - Concerning the dynamic 24-bit part and the static part please add a
> point about "open Systems" and "shared Key Systems", this topic is
> also referred to as "authentication". If set to "shared key" on behalf of
> the access point, the client would need to authenticate itself,
> unfortunately this is done with the static parts of the keys only
> (!!!), without any initialization vector. The drawback of this is
> that alone this authentication makes the WEP method even more unsafe
> and easier to crack, so it strangely makes a WEP secured access point
> more safe when this authentication is turned off or set to "open system".
>
Good point, again. I'll add this in.

> - as stated in my documentation, please add something like "always use
> encryption when accessing private WLANs" and "better use 64-bit or
> _any_ WEP encryption than none". The user should be told to change the
> keys periodically. The more data is sent over WEP encrypted WLAN, the
> quicker it can be cracked. With medium to heavy throughput WEP64 can
> be cracked after some hours, WEP128 may need some days. For an average
> user, just surfing a bit in the evening, as a rule of thumb I would
> suggest a week for a change of WEP128 keys, and half a week for WEP64.
> I don't do that myself, and I am almost certain that nobody does that,
> but it is important to know that it is _unsafe_ not to do so.
> Furthermore, in Germany it is at least illegal to get into a WEP
> secured private WLAN. If that is the case, it may even make sense to
> set any key and never change it anymore...
>
Per my comments, above. I'll add all of this in the WEP-related section of the FAQ.

> - topic 6: there is a term of "infrastructure mode" and at least
> another one. I think this would fit in here
>
BSS. Yes, I'll make the distinction between BSS, IBSS, and AdHoc.

> - topic 7: I would turn the question around: Is an access point a
> router ?
>
Hmmm... Okay. (For anyone else following this exchange, the following may get a bit sticky; please bear with us, as Christian and I have a little fun...). WDS (Wireless Distribution System) mode can actually put the WLAN on a different network from the wired LAN, thus making an AP "route" packets... So, perhaps, we have two different questions to answer, eh? :-)

Which reminds me, related to the AP section, I should probably mention something about bridging and WDS.

> - topic 8: SSID is AFAIK also referred to as System Service Identifier
>
Hmmm... I don't think I'd heard that one, but I'll look it up (not doubting you; just curious to see what else I may have missed).

> - topic 10: please include that with certain WLAN sniffer software
> (either Win32 or linux ?) the SSID can still be spied out even if
> broadcast is turned off. IMHO this is very important to know, else
> users would get a false idea of security they would establish.
> Nevertheless it is still a good idea to turn off SSID broadcast for a
> private WLAN AP, to make it not too easy for hackers.
>
Good idea. I should have made it clear that XP isn't the only way to snatch an SSID out of the air when beaconing is turned off.

> - Please include a section on MAC address filtering. Unfortunately
> also this can be spied out by software like stated above for SSID, but
> also this should be enabled. It makes it at least not possible for a
> drive-by surfer to instantly get a connection. Instead, he would need
> to spy out a MAC address, and come back another time to wait until
> this is not active while the AP is active, so that he can use this MAC
> address.
>
Yes, I did make a quick note in the security section that I want to add a mention of MAC filtering.

Thanks for the tips. I'll work them in tomorrow night.

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                www.ecomstation.com
Novell Users International      www.novell.com/linux/truth
------------------------------------------------------------
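
An added illustration, not part of the original message or of the FAQ under discussion: the IV points raised in this thread (a 24-bit IV, counters that start from zero, keystreams that repeat) shown with a minimal RC4/WEP model. The secret, the payloads and the two-station model are constructed for the example, and WEP's ICV checksum is left out.

```python
import random
from itertools import count
IV_SPACE = 2 ** 24  # WEP's IV is 24 bits and travels in clear with each frame

def rc4_keystream(key: bytes, n: int) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: int, secret: bytes, payload: bytes) -> bytes:
    # Per-frame RC4 key is IV || static secret, so same IV means same keystream.
    ks = rc4_keystream(iv.to_bytes(3, "big") + secret, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_reuse(iv_source) -> int:
    # Number of frames sent on the network before some IV value is seen twice.
    seen = set()
    for sent, iv in enumerate(iv_source):
        if iv in seen:
            return sent
        seen.add(iv)

def two_stations_counting_from_zero():
    # Constructed model: two clients share the key, each starts its IV at 0.
    return (n // 2 % IV_SPACE for n in count())   # yields 0, 0, 1, 1, ...

def random_ivs(seed=1):
    rng = random.Random(seed)                 # fixed seed so the run repeats
    return iter(lambda: rng.randrange(IV_SPACE), None)

def demo():
    secret = bytes.fromhex("0102030405")      # constructed 40-bit (WEP64) secret
    p1, p2 = b"GET /index.html ", b"user=alice&pw=x "   # constructed payloads
    c1, c2 = wep_encrypt(7, secret, p1), wep_encrypt(7, secret, p2)
    return {"same_iv_leaks_xor": xor(c1, c2) == xor(p1, p2),
            "diff_iv_leaks_xor": xor(c1, wep_encrypt(8, secret, p2)) == xor(p1, p2),
            "counter_reuse_after": frames_until_iv_reuse(two_stations_counting_from_zero()),
            "random_reuse_after": frames_until_iv_reuse(random_ivs())}
```

With random IVs the first repeat is expected after a few thousand frames (the birthday bound on 2^24 values), which is why a busier WLAN shortens the time before keystreams repeat.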