I am trying to find information about how secure running and processing credit cards on a 802.11b wireless system. Any help is great whether it is a place to gather information or if anyone has some information on this area of security. Thanks

Cwireless

You definately need some form of encryption. In default mode, 802.11 access points and radio cards do not have any form of security. The 802.11 standards-based WEP (wired equivalent privacy) is an option, but there are toos that will crack WEP. You need a dynamic form of WEP, such as TKIP.

Don't use 802.11b for critical or sensitive information, WEP helps some, but is more or less to prevent evesdropping. If you must use 802.11b, then spend the bucks to implement a solution from Cisco. Otherwise you're playing with fire, there are versions of linux and applications which can scan and crack 802.11b with or without WEP. You would be moving very sensitive information with very little security a recipe for disaster.

Of the solutions available at least until WPA comes of age, only Cisco LEAP/EAP with mutual authentication 802.1x would be offer some safety vs 802.11b. In the past people have plugged in wireless cards to laptops in parking lots outside stores and received unsecured credit information. Instead of implementing a Cisco solution, wouldn't running a cable be just as easy???

On my own quest for improved security (over WEP) I have recently discovered the Zywall 10W supports VPN tunnels over wireless lan to lan. 3DES IPsec tunnels likely are safe to use. Thus if you have $400 +- pick up a Zywall 10W, an appropriate card (it needs to have a wireless laptop card added to enable wireless functionality) and sentinel (Zywalls IPsec VPN software). You may also wish to investigate similar capability (likely at a somewhat higher price) available from Cisco (who usually sets the gold standard for security). Putting credit information over WEP is not very secure.

I could talk all day about why you don't want to use IPSec in wireless from a security perspective. I could talk for half a day about why you don't want to use 802.1x for authentication in wireless as well. The truncated Reader's Digest version would begin like this:

IPSec: ARP Poisioning DoS attacks shutdown the WLAN and cannot be prevented. Man in the middle attacks compromise tunnels.

802.1x: Session hijacking attempts were known against it before it was "chosen" for wireless use. The variable security (from strong but needy EAP-TLS to laughably weak EAP-MD5) is quite troubling, and varies based on client platform.


Look for a true layer 2 security solution with strong access control and encryption. Hint: Check out what the US Army is using.

Hi JoeTampa,
You wrote "IPSec: ARP Poisioning DoS attacks shutdown the WLAN and cannot be prevented. Man in the middle attacks compromise tunnels."

This sounds quite impressive. Could we break it down a bit, of the "attacks" mentioned, it appears only an attack which could compromise data in the tunnel (the VPN) would really bother anyone. DOS while annoying, doesn't compromise data.

Assume a shared secret key, are you of the opinion that it is possible to launch a sucessful man in the middle attack against say either the Windows IPSec client or a 3rd party product such as sentinel (properly configured of course). I'd be interested in reading any link you can offer which would describe a successful man in the middle attack against a wireless VPN which didn't involve somehow getting the shared secret (other than derriving the shared secret from the data in the tunnel). A man in the middle unable to interpret the data they are holding, isn't all that scary. It's only if there exists a real threat of breaking the key that I'd start to be concerned. Thus perhaps you'd be kind enough to articulate a bit more in this area to help me better understand your position. Thanks in advance for helping me understand these configurations better.

It may be that he is referring to FreeS/WAN. It's an opensource IPSec system that (when improperly configured) is vulnerable to MITM attacks because of it's reliance on DNS in part of the key exchange.

Personally, I wouldn't send sensitive data over a wireless link, but if I *had* to I would probably run WEP (spare me the "WEP is pointless" speaches. It still slows down attackers), an IPSec VPN (terminated into OpenBSD boxes at each end if possible), and run an ssh2 tunnel inside the VPN tunnel. In addition, I'd run arpwatch to alert me of ARP issues and an IDS of some sort between the access points and their respective firewalls (you *ARE* firewalling at each end right? ;) ) I'd also run purely Cisco gear as it (in all of my lab tests so far) seem to not produce weak IV packets which further slows down WEP cracking.

Nothing is perfect, but the more layers you stack, the more time it would take a would-be attacker.

It's the same theory as physical security. Given enough time and resources, a burgular can get through as many doors and locks as you can put up. Remember though that if the effort and/or risk of getting caught outweighs the benefit, criminals will go find lower-hanging fruit.

Just my $.02

-d