Security Web Digest: Wireless Security Interoperability Lacking

Shmoo robot roams the hall sniffing for wireless vulnerabilities; Israeli technology grants to create commercial security products; General Accounting Office says Federal agencies not complying adequately with 1974 Privacy

Wireless Security

Suppliers of wireless LAN products are falling short in their efforts to deliver highly secure products that are interoperable with those of other vendors, according to a recently released report from the Meta Group. "We continue to see lackluster adoption of wireless LANs in the enterprise," says Chris Kozup, program director with Meta Group's Technology Research Services. "A handful of vendors have been aggressive in trying to solve these problems but each continues to push their own agenda." He singled out Cisco with its support for the LEAP protocol, which requires buy-in to an all-Cisco access-point infrastructure, and Microsoft with its support for PEAP, which is supported in its newer operating systems but is not compatible with Cisco's protocol. Both have roots in the 802.1x standard world.

A strange two-wheeled creature was skimming through the halls of the Alexis Park Hotel on Sunday--a robot that sniffs out network vulnerabilities. Created by two members of a loose association of security experts called the Shmoo Group, the robot is designed to wheel around on its own detecting and reporting the security problems of Wi-Fi wireless networks. The prototype robot, which has not been named, may be the first creature designed for this purpose.


From software that can "translate" a guard dog's bark to lasers that sniff out explosives, Israel is banking on years of defense expertise to give it an edge in a burgeoning U.S. security market. Israeli ingenuity in across-the-board technologies and an ability to quickly turn an idea into a product are seen as likely to return the country's industry to prominence in a world obsessed by security. With an eye on future profits in the emerging security market, Israel's minister of science and technology, Eliezer Sandberg, launched a grant program this year to encourage the country's researchers to focus on solving security problems. "The idea is to direct research by handing out grants to areas where we think there will be economic benefit," he said.


Federal agencies aren't doing a consistent job when it comes to complying with the requirements of a 1974 act aimed at assuring individual privacy, according to federal auditors. A recent survey of 25 federal agencies by the General Accounting Office found that compliance with the provisions of the Privacy Act was uneven in many cases, ranging from full compliance with the various provisions in the act to only 70% compliance. At the same time, the GAO found that in 29 percent of the cases, agencies didn't have adequate safeguards in place to ensure that individual data was accurate, relevant or timely before releasing it to nonfederal authorities.


The protocol that has defined e-mail for more than two decades may have a fatal flaw: It trusts you. Developed when the Internet was used almost exclusively by academics, the Simple Mail Transfer Protocol, or SMTP, assumes that you are who you say you are. "I would suggest they just write a new protocol from the beginning," Suzanne Sluizer, a co-author of SMTP's immediate predecessor and a visiting lecturer at the University of New Mexico, said in an interview. But some who worked on the protocol in its early days argue that it is flexible enough to have successfully evolved over the years--having absorbed numerous revisions and extensions--and that the authentication problem can be partially solved with existing technologies.