[Lilux-help] Wireless set-up

Brent Frère brent at bfrere.net
Sun Sep 26 00:40:36 CEST 2004 

Georges Toth wrote:

>>You must know that the encryption mecanism on 802.11 (WiFi technology) is
>>still weak and that up to now (as far as I know) the new encryption
>>standard is not yet available.
>>    
>>
>
>let me just quickly jump in and correct you on this... :-)
>the new encryption standard is called WPA, _is_ available, and has already 
>been for quite some months...
>netgear and d-link are two brands which offer WPA comp. products.
>but there are for sure others...
>
>  
>
Indeed, lots of products are on the market since months that pretend to 
be 'WPA compatible' or 'WPA ready'. However, the complete WPA standard 
was not published until very recently. I made a study on that around 
march, and WPA consortium was at that time raising concerns about some 
products that pretended to be "WPA compatible" such as Cisco devices, 
saying that at the current situation of the standard, those device could 
not even become WPA compliant without some hardware change...

Actually, it's the fault of the WiFi consortium, that recognised some 
devices and vendors as "WPA compliant" before the standard was 
published. This is due to the fact that the WiFi market was about 
stopped for professional users because of the absence of security (WEP 
encription is no security at all since years). Those devices, sold as 
WPA compliant, are just expected to be WPA compatible or able to 
communicate with true WPA devices running in degraded mode.

So, once again, there is a huge difference between what you see on the 
box (commercial view) and what is actually inside (technical view). A 
search on the web shows me that the status of the WPA standard gets 
updated recently, indeed:

http://arstechnica.com/news/posts/20040625-3933.html:

"True 802.11i implementations will be better known as WPA2, and while 
some products already support WPA, few will be able to handle the AES 
encryption scheme, and may not be upgradeable. More testing is expected 
to continue throughout the summer, with major rollouts beginning in the 
fall." (06/25/2004)

So, as you see, WPA was so heavily used on products BEFORE the actual 
publication that it is now published as WPA2. As written in this paper, 
I don't think true WPA device are already on the market (or it is very 
recent). They are more expected later this year. Devices that pretend to 
be WPA compatible are actually not supporting the full security scheme 
that might gives the whished level of security.

Some specialists says what I mean even about WPA:
http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci954465,00.html:

"[...] said the improved encryption that WPA offers over its 
predecessor, Wired Equivalent Privacy (WEP) is helpful, but there are 
many more factors for businesses to consider."
[...]
"After shedding VPNs for less cumbersome technology, many companies are 
returning to them [...]. From a security perspective, some firms are 
smartly beginning to view a Wi-Fi network as a kind of remote access, 
rather than simply an extension of the wired network."
[...]
"You should treat a wireless LAN like an untrusted network outside of 
the firewall,"
[...]

Anyway, the full story is on http://www.wi-fi.org.

I still consider a WiFi network at home as a RJ45 outlet outside of my 
home. I wouldn't consider using that technology without adding my own 
encription level on it, even for home use.

Now, you're warned. The decision is yours. This doesn't prevent you from 
trying first with some borrowed hardware before purchasing, because the 
performances are often degrading very rapidly with distance and true 
buildings (not american ones).

So George, you are right when you say WPA is available from months, but 
it's unfortunately not true WPA or WPA2 I'm affraid, and so it is NOT 
secure as we could expect.

-- 
Brent Frère

Private e-mail:  Brent at BFrere.net

Postal address: 5, rue de Mamer
                L-8280 Kehlen
                Grand-Duchy of Luxembourg
                European Union

Mobile: +352-021/29.05.98
Fax:    +352-26.30.05.96
Home:   +352-307.341
URL:    http://BFrere.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lilux.lu/pipermail/lilux-help/attachments/20040926/c7e58f84/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: brent.vcf
Type: text/x-vcard
Size: 216 bytes
Desc: not available
URL: <http://lilux.lu/pipermail/lilux-help/attachments/20040926/c7e58f84/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3383 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lilux.lu/pipermail/lilux-help/attachments/20040926/c7e58f84/attachment.bin>

More information about the Lilux-help mailing list