Friday, October 19, 2007

GHC: Split Session: At the Internet's Edge

RFID: IP Network Applications and Societal Implications - Monique Morrow

Monique gave a great overview of the technology, which was a bit of a repeat for me, since I attended the RFID talk yesterday, but she did cover different aspects - covering passive vs active RFID chips. Passive devices are lower cost, but have lower range & more expensive readers than active devices.

"Hybrid" RFIDs that contain bar code, for backwards compatibility, are likely going to be the most popular. As this technology gains foothold in the world, we'll be able to get much larger & more accurate data about merchandise, pharmaceuticals, employees, etc.

By 2009, Monique is anticipating a significant share of network traffic with be RFID related (data, voice, video, RF, GPS).

Wireless Security Best Practices Guidelines - Nancy Cam-Winget

Wireless LANS are everywhere now - touching all of our lives, whether you know it or not.

These are so popular because they are cheaper and easier to deploy than traditional wired networks, and lead to increased productivity for employees. What's not to like?

It's harder to secure - the network goes beyond the walls ("open air"), uses a very standard protocol that anyone can use and understand - or their readily available inexpensive devices will.

Most common threats:
Accidental rogue access points
ad-hoc wireless networks
denial of service attacks
client mis-association

WEP was designed with out much (any?) input from knowledgeable security folks.

By the time the committee realized this, there were already millions of units deployed. So, they needed to come up with something to not immediately break those units.

So, a new standard was created (WPA2), but still needs to be backwards compatible for some time. This protects against man-in-the-middle attacks, but not if you still allow people to use WEP. It does not protect against rogue networks, though. She cautions that new deployments must not be done with WEP.

New technology for doing rogue detection & confinement is becoming available, so there is light at the end of the tunnel.

This was a very interesting talk, considering we have a WEP network here at Grace Hopper...

Valerie Fenwick

. You may comment on this blog by visiting the GHC Forum.

No comments:

Post a Comment