Sla.ckers.org
For 802.11 and bluetooth security people alike. Latest trends, attack surface issues, and prevention. How wireless security is becoming the new vector to hacking corporate websites and applications. 
Question
Posted by: Cagekicker
Date: June 18, 2008 05:28PM

I know this isn't really the place for a question like this, but I figure what better people to ask than the great minds at sla.ckers! :)

Let's say I wanted to set up a Wireless MAN for a law enforcement agency...
What ideas would y'all have for a network that would have constantly moving clients (patrol cars)?

I pose this question because I have a 5-slide presentation that my instructor for my Wireless Security class just dropped on us for part of our mid-term so I'm curious to see if anyone here is familiar with setting up a WLAN of that extent?

Omni-directional antennas
Repeaters of some sort, I'm guessing
Encryption for the data transfers (WPA2, right?)

Any other thoughts that could help me out here? Or perhaps someone knows of a good source where I could figure out a way to do this? Wireless isn't one of my strong-points... :oT

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...



Re: Question
Posted by: thrill
Date: June 18, 2008 06:34PM

As long as you have a central authentication system, it should not be a problem having roaming clients that jump from one AP to the next. And yes, currently WPA2 is the best.. at least I don't think they've updated CoWPAtty to crack it yet.. but it's been a while since I checked.. :)

And yes on the omni-directional antennas.. with 802.11n you get nice coverage, even with g it's pretty quick.

802.1x authentication using both certs and LDAP/Radius is highly recommended.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Question
Posted by: ntp
Date: June 18, 2008 07:45PM

Cagekicker Wrote:
-------------------------------------------------------
> Let's say I wanted to set up a Wireless MAN for a
> law enforcement agency...
> What ideas would y'all have for a network that
> would have constantly moving clients (patrol
> cars)?

You probably wouldn't use WiFi or WiMax for this purpose. There is a secure protocol just for this sort of use called COMP. There is a company that makes the gear for this called CoCo:
http://www.cococorp.com

COMP works with many different types of RF, terrestrial wireless, and satellite systems - as well as analog systems such as copper wire and just about everything.

In other words, no, don't use WiFi or WiMax for law enforcement purposes.

@ thrill:

WPA-PSK is better than WPA-Enterprise for various reasons that I will simply choose not to get into or argue about here. The basics are that 802.1x, LDAP, RADIUS, etc. add unnecessary complexity and are easy targets for attackers.

Also look for an update to the KARMA attack software soon - possibly called KARMetasploit (a BackTrack-based LiveCD project).

Re: Question
Date: June 18, 2008 09:21PM

>> WPA-PSK is better than WPA-Enterprise for various reasons

Could you elaborate more on that? I thought Enterprise was more secure, since it allows for separate encryption streams, because each client gets its own, as opposed to a PSK setup where all clients share the same key. Correct me if I am wrong. I plan on upgrading to WPA-Enterprise with PEAP and would like to know any shortcomings it may present me. Thanks.

Re: Question
Posted by: thrill
Date: June 18, 2008 09:35PM

@ntp - Good info on all counts! I (luckily) have not had to deal too much with wireless in the last few years so I've been out of the loop.. as for the COMP, I always wondered what it was that they used.. <evil look in his eyes>.. :)

Right now at work we use WPA-Ent with PEAP (like Cryptic is thinking of using), we use our Active Directory to authenticate, and if it's not a Windows machine, you must first install the cert.. works pretty well, and lucky for me, someone else did the install.. heh..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Question
Posted by: Cagekicker
Date: June 19, 2008 02:22AM

Thanks for the replies, guys.

I was able to piece together enough data to put my presentation together with little effort after you pointed me to CoCo Corporation. :)

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...

Re: Question
Posted by: id
Date: June 19, 2008 12:40PM

The cheap way to do this would be to use Edge cards and a VPN. ~$60 a month per car to add, and I'm sure LE could work out a deal with Verizon or AT&T.

-id

Re: Question
Posted by: ntp
Date: June 19, 2008 03:46PM

WPA-Personal has the AP and a crypto exchange. WPA-Enterprise has... well... somebody please explain it because I don't feel like spending the next half hour reading about it and the following ten minutes writing about it.

Also - No, WPA2-Personal can in many cases be made to not use a shared-key. Using a shared-key would be stupid, I agree. For example, HostAP can configure per-MAC (i.e. per-client) PSKs using a specifically configured /etc/hostapd.conf file for this purpose.

Many commercially available or COTS access-point hardware also supports this functionality for WPA2-Personal.

PEAP also has specific attacks against it. Windows XP SP0, SP1, and SP2 are all vulnerable to a wireless "auto configuration weakness", and thus any KARMA or other complex evil-twin attacks. This can absolutely result in compromise, which could easily result in the compromise of an EAP-TLS certificate, or well... anything. RADIUS, LDAP, and AD have now just opened your server-side surface area to huge proportions. There are many integer/heap BO vulnerabilities that could be discovered, say, on-the-fly with regards to these protocols. They are not to be considered safe by any measure of the term.

Only Windows Vista, Windows XP SP3, and Windows XP SP2 with the specific Wireless Client Update address the auto configuration weakness.

There are other, less known attacks that have not even been talked about publicly with regards to WPA-Enterprise. For example, if you happen to be connected to the wired side and wireless at the same time, there are ways of controlling DNS or other network protocols from one side to the other, without even associating to the wireless network (which could include RADIUS, LDAP, etc).

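Editor's added example (not from ntp's post or from the hostapd project): hostapd reads per-client keys from the file named by its `wpa_psk_file` option, one `<MAC> <PSK>` pair per line, and the MAC `00:00:00:00:00:00` matches any client. The Python audit below flags entries that turn a per-client setup back into a shared key. It assumes space-separated entries with no optional prefixes, and the sample file is constructed.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
HEX_PSK_RE = re.compile(r"[0-9a-f]{64}", re.I)
WILDCARD = "00:00:00:00:00:00"  # hostapd: this entry matches any client

# Constructed sample of a wpa_psk_file (made-up MACs and passphrases).
SAMPLE = """\
# patrol car clients
00:11:22:33:44:01 correct-horse-battery-unit01
00:11:22:33:44:02 correct-horse-battery-unit01
00:11:22:33:44:03 short
00:00:00:00:00:00 fleet-wide-shared-passphrase
00:11:22:33:44:04 violet-anchor-mosaic-unit04
"""

def parse_psk_file(text):
    """Return [(lineno, mac, psk)] from '<MAC> <PSK>' lines; '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        mac, _, psk = line.partition(" ")
        psk = psk.strip()
        if not MAC_RE.fullmatch(mac) or not psk:
            raise ValueError(f"line {lineno}: expected '<MAC> <PSK>'")
        entries.append((lineno, mac.lower(), psk))
    return entries

def audit(text):
    """Return [(lineno, kind, detail)] for entries that defeat per-client keying."""
    findings, macs_by_psk = [], defaultdict(list)
    for lineno, mac, psk in parse_psk_file(text):
        macs_by_psk[psk].append(mac)
        if mac == WILDCARD:
            findings.append((lineno, "wildcard", "PSK is valid for every client"))
        # WPA-PSK accepts an 8..63 character passphrase or a 64-hex-digit key.
        if not (8 <= len(psk) <= 63 or HEX_PSK_RE.fullmatch(psk)):
            findings.append((lineno, "length", f"{len(psk)} characters"))
    for macs in macs_by_psk.values():
        if len(macs) > 1:  # line number 0 marks a file-wide finding
            findings.append((0, "reuse", "same PSK for " + ", ".join(sorted(macs))))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
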
Re: Question
Date: June 19, 2008 10:42PM

*calls ISP and cancels service* Only way to be safe =o(

Thanks for the info ntp, will read up more about this before I decide to upgrade.

Re: Question
Posted by: c0nik
Date: August 19, 2008 02:45AM

hmm good thread


thewifihack.com
