How Microsoft makes its own WLAN secure
Microsoft was one of the first large corporations to enable its entire corporate LAN over wireless, starting in 1999 with a rash promise by Bill Gates at Comdex. Three years later, says security chief John Biccum, they have something which is actually quite secure - more secure than the wired LAN. He told delegates at IT Forum how he did it.
John Biccum has been "the most unpopular man on campus" at Microsoft. "I didn't want to be the guy who told Bill Gates that it couldn't be done," he explained, "when he said that Microsoft would have the world's largest wireless network within a year." And so he was the man who had to make it work.
That involved making it not work, too - much to the rage of people who wanted to use the wireless network. John was the man who "switched off" 20,000 Pocket PC users by introducing security to his WLAN. Why?
"There was an executive call to action with Bill's speech," said Biccum at the Forum in Copenhagen today, "but there was also the issue of productivity. Microsoft employees are very mobile, and I'm pretty typical in having an office where I'm rarely to be found. So we had to have a network; but when we first put it up, it was very, very insecure."
The problem was the static WEP key that had been adopted. Every access point and every client wireless adapter had the same static WEP key burned into it. It provided some security, and at the time WEP attack methods were a vision, not a reality. But the problem with a single secret key is that it was a secret. "And as Blackbeard said - any two people can keep a secret, if one is dead. Having 50,000 network cards with the same 'secret' burned into them? It was only a matter of time before it was posted on the Internet - and for some weeks, part of my job was looking on the Internet to see if it was posted."
And the idea of switching it was just a dream. "Reality is that if you have 3,500 access points, you can't just say 'On Monday we will switch keys!'"