You can secure that wireless net

 

Connecting state and local government leaders

Researchers at NASA's Ames Research Center found the wireless LAN security they sought in freeware.

Researchers at NASA's Ames Research Center found the wireless LAN security they sought in freeware.Using an ordinary PC running the OpenBSD operating system, three open-source applications and a bit of custom code, a trio at Moffett Field, Calif., last year built a secure IEEE 802.11b wireless LAN gateway that serves an average of 30 users daily. During conferences, up to 10 guest users can log in at once.The wireless firewall gateway for the Advanced Supercomputing Division at Ames uses the encryption and authentication already present in the division's IT systems.'We had begun to discover people bringing in wireless access points and connecting them to their machines without authorization,' said Dave Tweten, the division's computer security official.Instead of forbidding the wildcat devices, the division approved setting up a managed wireless LAN. Its networking staff briefed Tweten on the state of the 802.11b wireless fidelity standard, known as WiFi.'I was shocked to realize that wireless security was pretty much nonexistent,' Tweten said.Even though WiFi has encryption and address authentication, they didn't look very reliable to Tweten. So he and colleagues started looking around for ways to build a reasonably secure wireless LAN without a lot of administrative overhead. The network would have to be open enough for visitors' use while denying hackers a platform for launching cyberattacks.After the initial planning, Tweten went to the DefCon 9 and Black Hat 2001 computer security conferences. 'What I saw there confirmed for my taste that we were headed in the right direction,' he said.His gateway quarantines the wireless network behind a firewall controlled by the division staff. The key application is an open-source Dynamic Host Configuration Protocol server, which 'leases' temporary IP addresses to users with wireless network cards. Tweten got the beta DHCP Version 3 server application from the Internet Software Consortium, at . Mobile users of DHCP clients must renew their leases periodically or lose their authentication.The gateway also uses the open-source Apache Web Server and IP Filter, a customizable firewall included with many versions of OpenBSD.The wireless network gives two classes of service. One class accesses the division's machines and the Ames virtual private network server. The other class gives authenticated users a gateway to the Internet as well as to Ames systems.The first class of service uses the encryption in the division's VPN software and the Secure Shell protocol. The end-to-end encryption services bypass the relatively poor security of the Wired Equivalent Privacy protocol.'In fact, we turned off WEP encryption because in our circumstance it's fairly useless,' Tweten said.The WiFi LAN is accessible through common network cards and Web browsers with Secure Sockets Layer security, Tweten said, because most visiting colleagues have them already.Division employees are automatically included in the authentication database. Visiting researchers can arrange to be authenticated for a fixed period of time.'We tried to keep down the overhead and particularly the response time involved in providing legitimate access, while still preventing unauthorized access,' Tweten said.Users log in to the gateway from their notebook PCs by giving names and passwords, said Derek G. Shaw, a senior security analyst for Advanced Management Technology Inc. of Arlington, Va.Shaw and Nichole K. Boscia, a Computer Sciences Corp. network engineer who also works at the division, wrote a short program that the Web server runs to make the firewall access rules dynamic.Boscia modified the DHCP code to contact the firewall and remove a rule when a lease expires.'Once a user's authenticated, the door opens to the Internet or other resources, and when they're done, the door closes,' Shaw said.'It's really not a wireless solution per se. It's nothing new. What's fairly new and innovative for us, and maybe for the wireless community, is that we took a lot of open-source software and built our own firewall gateway that can be extended with additional features. It's just that nobody ever thought of doing that with wireless or modifying the DHCP code to make things work.'Shaw said vendors are working to resolve the insecurities in WEP, 'but we took the approach that wireless is insecure, period. We built around the insecurities.'The firewall gateway project took three months to reach a working prototype stage. Boscia and Shaw spent about 40 hours total writing the code that ties the freeware components together.The division now has 20 WiFi wireless access points from Avaya Inc. of Basking Ridge, N.J. Adding more access points would require more computing power for the wireless gateway, Tweten said.Version 2 of the gateway'with active intrusion detection, code cleanup and bug fixes'will debut in the next few months, Shaw said. The group also hopes to get a faster host. At the moment it's a 400-MHz Pentium II PC with an Ethernet card. The next host will have to accommodate more users and bandwidth.Officials from other parts of NASA Ames have expressed interest in the wireless strategy, Tweten said, but haven't yet decided to try the open-source approach.

NASA's Dave Tweten, front, and contractors Nichole Boscia and Derek Shaw created a secure wireless network from open-source apps knitted together with custom code.

NASA's Tweten says he was shocked to find that wireless security in the Ames Advanced Supercomputing Division was 'pretty much nonexistent.'

Kim Kulish/Corbis SABA

Team at Ames Research Center uses freeware to lock down a WLAN

















www.isc.org











Easy access
























X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.