Cndnsd Vrsn: 4 PM Thursday April 4th ACS Room 123- Wireless Insecurity
The next meeting of the Front Range UNIX Users
Group (FRUUG) will be held at 4:00 P.M. on Thursday, April 4th.
Dave Clements and Bob Gray of
Boulder Labs
will talk about how insecure wireless networks can be
and how to make yours more secure.
It's alarming that dozens of downtown Boulder companies have
wireless networks vulnerable to intruders. And it's even more
alarming that these companies might never know if competitors,
hackers, or identity thieves have helped themselves to
intellectual property, financial information, or other
proprietary information.
Wireless technology (also known as 802.11b) is convenient and
cheap. A Base-station and a couple of clients cost less than
$500. But the resulting network will be terribly insecure
unless measures are taken. Boulder Labs recently located 50
networks in the downtown Boulder area alone that were wide
open. Bob and Dave drove around with a laptop, an 802.11b card, and an
antenna for a few hours. Using open source tools, they identified
the locations of the various Base-stations.
(See http://boulderlabs.com/open-nets.html for a map)
Once located, you can monitor and capture network traffic from
near or afar. About 60% of the sites transmit plaintext. The
remaining sites use WEP Encryption, which can be broken in as
little as a few minutes if the common key generating algorithm
is used. And if not, there are another half dozen exploits that
will eventually defeat both 64-bit and 128-bit WEP
Encryption.
This talk will describe what it takes to break the various
combinations of WEP Encryption. Bob and Dave will talk about
monitoring from afar with simple home-built antennas. Finally, they will
discuss various techniques for securing a Wireless network
including SSL, ssh, IPsec, and VPN technologies.
Dave Clements and Bob Gray are with Boulder Labs, a Colorado-based
software consulting company
with expertise in embedded systems, network security, and system
administration. Their deployed systems are often based on
open-source systems like FreeBSD and Linux. They collaborate with
young companies helping them build their products and their
network infrastructure.
This meeting will be in room 123 of the CU Academic Computing
Center building at Arapahoe and Marine Streets in Boulder. Marine St intersects
Arapahoe at 38th St; the Computing Center is on the southwest corner.
At our March meeting, Cricket Liu discussed security issues
with DNS servers and how to prevent yours from being hacked.
His slides are available in the FRUUG meeting archive at
www.fruug.org/mtgarchive/index.html.
We have a great set of meetings lined up for the future. Those
with firm dates include:
Other meetings we're planning for the future include UNIX
interoperability with MacOS X, IP-based Storage Area Networks (SANs),
and an update on how to control spam-- unsolicited e-mail.
In February we began our new
FRUUG Giveaway program with new eligibility rules.
In order to be eligible for our giveaway that includes
Gift Certificates to SoftPro Books and
Special Giveaway Books from our
publisher sponsors (and of course the occasional T-Shirt),
you must have earned a
FRUUG Library Merit Badge by
reviewing one of the books in our library. These reviews
can be as short or as long as you like (within reason),
and once you've given us one, you're eligible for our giveaways
from then on. Details are on our
FRUUG Library Page on our Web site.
Just so we don't end up with the absurd situation of one
person winning all of our giveaways because only one person
writes a book review, we're
guaranteeing the first ten
people to earn the FRUUG Library Merit Badge the gift of
your choice from the following selections:
- A $20 Gift Certificate from SoftPro Books in Boulder or
  Denver. If more than one person per month selects this
  option, you'll be put in the queue to get the next one
  we receive (SoftPro donates one per meeting).
- The book of your choice from the FRUUG library.
  Yes, any book you like. Yes, if you're one of the first
  five, review the book and then keep it.
Six people have already taken advantage of this great
offer; the next four reviewers will still be guaranteed
the gift certificate or the book of their choice.
Please refer to the
FRUUG Library Page on our site
for details on how to submit a book review.
Our FRUUG library sponsors are reminding us that they are
providing us with review copies of their books in order to get,
well, reviews of them. In order for us to continue to receive
their generous donations, we need to start giving them feedback
on their books. If you check out a FRUUG book, please plan
to write a paragraph on what you thought of the book, or point
out areas that you particularly liked or didn't like. They
don't have to be polished reviews for publication-- they
are reviews for them to improve their books. If you can
manage to put a few words together, please send them (along
with the title and publisher of the book) to gaede at fruug.org
and we'll send it along to the appropriate people.
New in the library this month are:
- Building Wireless Community Networks, from O'Reilly & Associates
- Building Linux Virtual Private Networks (VPNs), from New Riders
- DNS and BIND, 4th Edition, from O'Reilly & Associates
- Designing with JavaScript, 2nd Edition, from O'Reilly & Associates
- Hardening Cisco Routers, from O'Reilly & Associates
- Proceedings of BSDCon 2002,
San Francisco, California, February 2002, from the USENIX Association
- Proceedings of the Conference on File and Storage Technologies,
Monterey, California, January 2002, from the USENIX Association
- System Performance Tuning, 2nd Edition, from O'Reilly & Associates
- Using SANs and NAS, from O'Reilly & Associates
- Web Services Essentials, from O'Reilly & Associates
You may check out books using your business card as your
library card; you must be on the membership list to check books out. Books
are due at the meeting following the one in which they are checked out.
Remember that your FRUUG membership entitles you to discounts
on your book orders from both New Riders Publishing and O'Reilly &
Associates; refer to the FRUUG Web site for details.