& cplSiteName &

Aruba Creates Security Stir

Light Reading
LR Mobile News Analysis
Light Reading
7/29/2004

Wireless LAN switch startup Aruba Wireless Networks is causing some friction amongst its rivals by publicizing a new Radius server hack that it intends to present to the Internet Engineering Task Force (IETF) next week.

Aruba claims that very few enterprises that have implemented Radius services are really secure and that if a hacker can connect an 802.11 access point to a corporate wired network, they may be able to grab Radius packets and use tools to perform a "dictionary attack" to discover the secret Radius "key" used between a Radius client and server. "Weak implementations [e.g., simple key words] allow cracking to be accomplished in a matter of hours, or days at the most," Aruba claims.

"Once broken, an attacker can use this information to conduct further attacks that include breaking 802.11i key exchanges and eavesdropping of wireless communication through interception of wireless encryption keys," according to a security paper on Aruba's site [ed note: link now defunct]. On the face of it, the Radius hack seems similar to other dictionary attacks already outlined by Aruba (see Look Before You LEAP). But other vendors are in a huff over what they see as Aruba exploiting known weaknesses in Radius wired security to try and spread fear, uncertainty, and doubt about wireless security.

"This is something that people have known about for a while," says Dan Harkins, security architect at Trapeze Networks Inc. "It's nothing to do with wireless security."

"It's a cooked-up crisis," suggests Alan Cohen, VP of marketing at Airespace Inc., and if a hacker has pentrated deep enough into corporate buildings to be able to plug into the wired network, then they will be able to do a lot more damage than just hacking into the wireless network.

"If I've broken into your house, do I really want to start making copies of house keys, or start looking for where you keep your jewelry?" asks Cohen, removing a ski-mask.

But Aruba is sticking to its guns, while clarifying that the hack doesn't have anything to with the security of the new 802.11i standard.

"Its a wired issue that is made worse by wireless," says David Callisch, communications director at Aruba. Enterprise wireless LAN leader Cisco Systems Inc. (Nasdaq: CSCO) says that it cannot comment on Aruba's papers before the firm presents them to the IETF next week.

— Dan Jones, Site Editor, Unstrung

(8)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
h8_wifi
h8_wifi
12/5/2012 | 1:24:34 AM
re: Aruba Creates Security Stir
Why are you asking wifi companies to comment anyway? You think Airespace or Trapeze know jack about security? They make RF toys. Go talk to people like @stake or RSA and ask them if they think this is serious.. It's old news but I guess if nobody listened the first time around, maybe wifi will make them think this time.
h8_wifi
h8_wifi
12/5/2012 | 1:24:34 AM
re: Aruba Creates Security Stir
"If I've broken into your house, do I really want to start making copies of house keys, or start looking for where you keep your jewelry?"

That all depends on what you're after. If you want free Internet access, then the analogy is a good one. But what if what you're really after is inside a locked safe, and you don't know the combination? You're going to be looking for a way into that. I might be able to use a rogue to get on a network, but then I have file servers that are locked to me because I have no account. But if I can get a valid user's encryption keys, then I can read everything they do or even jack into their communication. It's a pretty cool little attack.
whatdafuq
whatdafuq
12/5/2012 | 1:24:33 AM
re: Aruba Creates Security Stir
"But if I can get a valid user's encryption keys, then I can read everything they do or even jack into their communication. It's a pretty cool little attack."

Hey ace. You have to be in the wired network to
do this "attack". If you're there then why would
you waste time launching a dictionary attack to
recover keys to crack a key exchange to decrypt
user data when the user data is flowing unencrypted
right in front of you?

Think about it. The AP decrypts the traffic off
the air and puts it UNENCRYPTED on the wire.
And you're going to ignore all that unencrypted
data until you've launched a lame little "attack"
OK, whatever you say!

whatdafuq
whatdafuq
12/5/2012 | 1:24:33 AM
re: Aruba Creates Security Stir
No, it's you that doesn't know jack about
security. Read the RFCs you'll see this thing
was discussed LONG ago. What makes you think
that "nobody listened the first time around"?
Because Aruba told you? Oh, OK!

And if Airespace and Trapeze just make "RF toys"
then so does Aruba.

Aruba should be embarrased at releasing this.

And "RF toy"....sheesh. What an idiot.

lrmobile_tom mahoney
lrmobile_tom mahoney
12/5/2012 | 1:24:33 AM
re: Aruba Creates Security Stir
The eweek story which they leaked this stuff suggests a bunch of other collaborators like Microsoft. Do you know who the other contributors are? If others are working on this issue with Aruba, it would be good to hear from them as well. For some reason, this article has been pulled from Aruba's website.

http://www.eweek.com/article2/...



"We've collaborated with Microsoft [Corp.] and a bunch of other players to expose some vulnerabilities to wireless," said Merv Andrade, chief technology officer of Aruba, in San Jose, Calif. "802.11i is only one cog in the security wheel. If you're not watching your back, you might be lulled into a false sense of security." Microsoft officials did not respond to requests for comment."
h8_wifi
h8_wifi
12/5/2012 | 1:24:32 AM
re: Aruba Creates Security Stir
Wow, someone sure is hostile..

I'm guessing since you work for one of the RF toy companies, you probably don't know that much about networking. So for your benefit, I'll explain.

If I'm a bad guy, the longer I'm doing something bad, the more likely it is that I'll get caught. If I'm on a switched network, then all that good unencrypted data from the AP isn't available to me unless I'm sitting in the wiring closet, or constantly doing ARP poisoning. ARP poisoning is something my IDS will pick up, and the more times it gets done, the more it will get picked up. And the wonderful thing about wired networks is that once the good guys locate a MAC address, they can figure out exactly which port it's attached to and thus they know who gets fired.

If I'm a bad guy, then wireless is my best friend because I can monitor anywhere there are airwaves. I do my ARP poisoning once (from someone else's office if I'm smart) then go walk around with my laptop and wiretap whatever I want.

Anyone who thinks they have "secure wireless" is just fooling themselves.
h8_wifi
h8_wifi
12/5/2012 | 1:24:32 AM
re: Aruba Creates Security Stir
I take it you must work for one of the RF toy companies. I must compliment you on those pretty heatmap pictures you draw on the screen while you're letting everyone in the parking lot get in..

If people had listened the first time around, they wouldn't go off happily using Radius on networks where anyone can plug in. Do you really think the only threat is from outsiders? If you worked for some public company (do you know what that's like?) wouldn't it be nice to know the upcoming financials so you can do a little insider trading? Oh, the CEO uses wifi? Hmmm...

The problem that none of these wifi companies (including Aruba) gets is that wifi and security are mutually exclusive. Keep it out, fire the people who bring in rogues, and life is much better.
whatdafuq
whatdafuq
12/5/2012 | 1:24:31 AM
re: Aruba Creates Security Stir
No, I just have a low tolerance for people saying
stupid things.

RADIUS's problem is that large secret key databases
don't scale. And it's protocol is rigid and it's
growth is through VSAs and that's just broken.
It's problem is not that someone could have a
weak shared secret.

Is there a fundamental problem with ssh because
you can do hostbased client authentication and
the client's password might be a weak password?
No! The problem is that the client has a weak
password. The protocol is fine. Ditto this.

"wifi and security are mutually exclusive. Keep
it out...and life is much better."

Again, you don't know what you're talking about.
It is possible to deploy wireless securely and
to do it insecurely. It's, OF COURSE, easier to
do it insecurely. But please, stick your head
in the sand and enjoy your better life without
wifi.
Featured Video
Upcoming Live Events
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events