July 16, 2004

Wireless Threat Matrix, for admins

Since the number of threats and difficulties a wireless network faces are just as numerous as the number of incomplete solutions available, I've taken the liberty of drawing up a grid illustrating the situation as it stands.

Here is the grid:
http://www.lightsecond.com/wireless_threat_grid.html

I welcome any suggestions, additions or corrections. The grid is incomplete, and may be less than accurate in areas where I've misread the situation. I haven't yet researched Dynamic WEP for instance, and I'd add "implementational faults allowing amplified DOS" if I knew more about that (replaying disconnect messages and the like).

This grid assumes a setup with a single provider of internet access through an unknown number of APs. This could be a SOHO, WISP, campus, or community network. The users of the access are "local" and those unauthorized to use the access are "remote". "Radius" is a term being used a bit broadly here to refer to any 802.1X / EAP / PEAP / CHAP / whatever per-user authentication mechanism, which is often backed by a Radius server. "NoCat" is also a broad term referring to any similar captive-portal authentication gateway.

If you can't tell from the grid, I feel as though WPA1+Radius has failed to penetrate the market effectively, and that vendors creating vendor-specific variants of different things has been hurtful. My Aironets support the protocol fine as a server, my CB3 Plus Deluxes support the protocol partially in access point mode but refuse to act as a client in bridge mode, and I'm finding it highly difficult (impossible?) to set up a Windows machine as a client. Of course we are all praying that WPA2 (aka 802.11i) will be official enough to demand vendor compliance, the sooner the better; then I can change the red and orange marks on the convenience side of that row to green and the whole grid will become unnecessary :)

Another area I'm particularly interested in is column D, "local users eavesdropping traffic", as far as the TKIP (1-key) variants of WPA go. I know that a local user can eavesdrop on WEP traffic (if you have the key you can sniff your buddy's traffic and decrypt it easily with Kismet), but can a local user (anyone who knows the passphrase) eavesdrop on WPA traffic as easily? I can't seem to google for that :)

I'll probably also add preambles and such explaining the grid to arbitrary visitors eventually, but it's late and I wanna go to bed.

Thanks for humoring a greenhorn network admin :)

Posted by jesse at July 16, 2004 12:13 AM