U.S. Government Certified Wireless Security Products? 132
superid asks: "Our facility is just beginning to install small wireless 802.11b networks to support our office developers and staff. I think most people end up happy with wireless and enjoy the freedom. Our little branch office has about 100 people and our whole facility has close to 3000 people, so it's reasonable to expect our wireless needs to grow. However, I have just received an email, sent to all network administrators of our facility, directing us to shut down all wireless devices until they are certified by our Information Security department. Of course I'm not surprised by this. I'm aware of the problems with WEP and tools like airsnort. I know there are numerous security products and projects, but can any of them trace a lineage back to FIPS? Wouldn't it be a major victory to see an OSS product listed as validated by NIST?"
"Here are the certification requirements:
I know there are uncertified software solutions, but for ease of integration, our office has chosen AirFortress for a hardware solution. This will run us about $2,500 for our small office and is quite reasonable. However, it would be nice if there was an Open Source solution as well. The difference is that any OSS solution must be 'certified'."Encryption must be implemented end-to-end over an assured channel and shall meet the FIPS 140-1 or 140-2, Overall Level 2 (Triple-DES or AES) standard, at a minimum.
What? (Score:2, Funny)
OSI won't work... (Score:4, Funny)
[[[rimshot]]]
Re:Why government certified? (Score:5, Funny)
Many Slashdot readers are "liberal" or "left-leaning" and are opposed to the War on Drugs and drug laws in general. If you don't like the government telling you what you can and cannot put in your body, why are you so eager to have the government tell you what it thinks the best and worst products are? Let the private sector handle this.
An excellent point, my "conservative" or "right-leaning" friend!
I, for one, trust the private sector to make important standards decisions [microsoft.com] in a just and unbiased [rambus.com] manner. I know that can count on private enterprise to interact with the public an an open and honest [enron.com] fashion, and think that your average board of directors [worldcom.com] has a much better handle on what's going on with their company [xerox.com] than some hare-brained committee of bureaucrats has over some bloated, complex government scheme.
Besides, I don't want such important things left up to some government agency that could disappear from the face of the planet in an instant [fuckedcompany.com]--no, thank you, I'll take private enterprise any day. They're really looking out for what's best for me [riaa.com].
Bird on a wire (Score:2, Funny)
This does not address Denial of Service attacks caused by birds attempting to collect bits of the string for nesting material; a preferable solution to both issues would be to run the string inside a conduit with a diameter greater than the maximum amplitude of the carrier waves. Care should be taken to plan ahead and use larger conduits than are currently needed, in order to accomodate future increases in wave size.
Otherwise, everyone will be clamoring for "fatter pipes".