Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

[802SEC] Non-member submission from [Leigh Chinitz <LChinitz@Proxim.com>]RE: LIST-SPECTRUM: Re: Feds Label Wi-Fi a Terrorist Tool




Forwarded for a non-subscriber.

 -Bob
 

-----Original Message-----
From: Leigh Chinitz <LChinitz@Proxim.com>
To: "'ieee 802 sec reflector (e-mail)'" <stds-802-sec@ieee.org>,
   "'ieee 802. 18 reflector (e-mail)'" <stds-802-18@ieee.org>,
   "'weca-spectrum reflector (e-mail)'" <list-spectrum@wi-fi.org>
Subject: RE: LIST-SPECTRUM: Re: Feds Label Wi-Fi a Terrorist Tool
Date: Tue, 10 Dec 2002 19:49:16 -0800


While I don't want to appear to be taking the side of the Cybersecurity
people, I think we need to do more than simply assert that the claim is
false.  As far as dial-up, people tend (right or wrong) to trust the
security of the telephone network for providing network access.  For
example, in many companies you can dial in to the corporate network to
access resources, but if you are using internet access you need to run a
VPN
to get to the same resources.

I think that the concern to which they are referring, at least one of
them,
would be the case of telecommuters.  If a user opens a secure tunnel to
an
enterprise or a government facility, say, and uses a client device
connected
via a wireless link, the concern may be that someone who gets access to
the
wireless link now has access to the secure tunnel.  (In a sense.)  I
think
that concern is different than a random person having dialed in to the
internet via an ISP.  That is, the hacker has just gotten behind the
firewall, for free.

I'm just trying to say that we should avoid getting into a "yes it is,
no it
isn't" fight.  We need a well thought out position.

Leigh

-----Original Message-----
From: Yoram Solomon [mailto:yoram@ti.com]
Sent: Tuesday, December 10, 2002 4:08 PM
To: carlstevenson@agere.com; 'ieee 802 sec reflector (e-mail)'; 'ieee
802. 18 reflector (e-mail)'; 'weca-spectrum reflector (e-mail)'
Subject: LIST-SPECTRUM: Re: Feds Label Wi-Fi a Terrorist Tool


Getting a free dial-up account does not include any background checks to
assure that whomever gets that free access to the network is not a
terrorist, or is not using it as a tool to "could bring down the network
of
this country
very quickly".  Why wouldn't they consider regulating dial-up access,
and
further more - perform background checks on everyone who access the
Internet?  By the way, the Internet can be accessed from other
countries,
too...

I think we should make sure that the Department of Homeland Security is
aware that Wi-Fi does NOT pose a higher threat than ANY type of Internet
access.

Regards,

Yoram.

-----Original Message-----
From: Stevenson, Carl R (Carl) [mailto:carlstevenson@agere.com]
Sent: Friday, December 06, 2002 9:34 PM
To: ieee 802 sec reflector (e-mail); ieee 802. 18 reflector (e-mail);
weca-spectrum reflector (e-mail)
Subject: LIST-SPECTRUM: Feds Label Wi-Fi a Terrorist Tool


Subject: Feds Label Wi-Fi a Terrorist Tool
From: "Dewayne Hendricks" <dewayne@warpspeed.com>
Date: Fri, 6 Dec 2002 17:14:48 -0800


<http://www.wired.com/news/wireless/0,1382,56742,00.html><http://www.wir
ed.c
om/news/wireless/0,1382,56742,00.html>

Feds Label Wi-Fi a Terrorist Tool
By Paul Boutin

SANTA CLARA, California -- Attention, Wi-Fi users: The Department of
Homeland Security sees wireless networking technology as a terrorist
threat.

That was the message from experts who participated in working groups
under
federal cybersecurity czar Richard Clarke and shared what they learned
at
this week's 802.11 Planet conference. Wi-Fi manufacturers, as well as
home
and office users, face a clear choice, they said: Secure yourselves or
be
regulated.

"Homeland Security is putting people in place who will be in a position
to
say, 'If you're going to get broken into ... we're going to start
regulating,'" said Cable and Wireless security architect Shannon Myers
in
a panel dubbed "Homeland Security vs. Wi-Fi."

Myers was one of several consultants for President Bush's Critical
Infrastructure Protection Board, which is finalizing its National
Strategy
to Secure Cyberspace.

Since being named special advisor to the president for cyberspace
security
last year, Clarke has stressed wireless access points as a national
security threat.

"Companies throughout the country have networks that are wide open
because
of wireless LANs.... Millions of houses are getting connected, which
means
that more and more are getting vulnerable," Clarke told attendees at the
Black Hat Security Briefings in Las Vegas earlier this year.

"We know that (an attack) could bring down the network of this country
very quickly. Once you're on the network, it doesn't matter where you
got
in," said Daniel Devasirvatham, who headed the Homeland Security task
force for the Wireless Communications Association International trade
association.

Devasirvatham said the telecom industry was represented at security
planning talks with federal agencies, but the wireless sector itself was
not.

"Do you consider yourself part of the telecom industry?" he asked the
802.11 Planet audience. "If you're a nethead instead of a Bellhead, you
probably don't. I think there's a major disconnect here."

But Myers acknowledged that regulators were frustrated in their search
for
a quick fix to plug Wi-Fi holes.

"There's just not a lot of technology out there right now that can be
used
to secure the technology in place," she said. "They're not at a point
where they can say, 'This will solve the problem,' and mandate it."

Rather, the most recent draft of the National Strategy document lists
stopgap steps that home and office Wi-Fi users should take to make their
networks harder to crack. The National Institute of Standards and
Technology's Wireless Network Security document contains more detailed
guidelines.

Speakers called on corporate Wi-Fi customers to participate in creating
security enhancements and best practices, lest regulators do it for
them.
"Expert advice needs to be obtained from more than just the industry
that
makes the equipment," Devasirvatham said.

Conference attendees were split on the potential of wireless nodes as
terrorist access points.

Boingo CEO Sky Dayton suggested turnkey security standards under
development would improve the technology's reputation. "It's possible to
secure a wireless network today," he said. "But it needs to get easier."