Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security

U.S. Government Certified Wireless Security Products? 132

Posted by Cliff from the sniff-mah-encrypted-wireless-traffik dept.
superid asks: "Our facility is just beginning to install small wireless 802.11b networks to support our office developers and staff. I think most people end up happy with wireless and enjoy the freedom. Our little branch office has about 100 people and our whole facility has close to 3000 people, so it's reasonable to expect our wireless needs to grow. However, I have just received an email, sent to all network administrators of our facility, directing us to shut down all wireless devices until they are certified by our Information Security department. Of course I'm not surprised by this. I'm aware of the problems with WEP and tools like airsnort. I know there are numerous security products and projects, but can any of them trace a lineage back to FIPS? Wouldn't it be a major victory to see an OSS product listed as validated by NIST?"

"Here are the certification requirements:

Encryption must be implemented end-to-end over an assured channel and shall meet the FIPS 140-1 or 140-2, Overall Level 2 (Triple-DES or AES) standard, at a minimum.
I know there are uncertified software solutions, but for ease of integration, our office has chosen AirFortress for a hardware solution. This will run us about $2,500 for our small office and is quite reasonable. However, it would be nice if there was an Open Source solution as well. The difference is that any OSS solution must be 'certified'."
This discussion has been archived. No new comments can be posted.

U.S. Government Certified Wireless Security Products? More

U.S. Government Certified Wireless Security Products?

Comments Filter:

  • What? (Score:2, Funny)

    by need2jive ( 588990 ) on Friday June 28, 2002 @02:50PM (#3788175)
    What makes anyone think that the US government could do any better securing wireless devices than the millions of geeks currently working on the subject?

  • OSI won't work... (Score:4, Funny)

    by ImaLamer ( 260199 ) <john...lamar@@@gmail...com> on Friday June 28, 2002 @02:54PM (#3788208) Homepage Journal
    OSI won't work for gov't certifications because the backdoor would be visible to the world.

    [[[rimshot]]]

  • Re:Why government certified? (Score:5, Funny)

    by American AC in Paris ( 230456 ) on Friday June 28, 2002 @03:23PM (#3788369) Homepage
    Why do we jump to have the government certify our electronic devices, standards, and protocols? Why can't we merely rely on the private sector to develop sound products? Why don't we fight for LESS government and LESS government intervention? How much control over your daily lives do you want the government to have?

    Many Slashdot readers are "liberal" or "left-leaning" and are opposed to the War on Drugs and drug laws in general. If you don't like the government telling you what you can and cannot put in your body, why are you so eager to have the government tell you what it thinks the best and worst products are? Let the private sector handle this.

    An excellent point, my "conservative" or "right-leaning" friend!

    I, for one, trust the private sector to make important standards decisions [microsoft.com] in a just and unbiased [rambus.com] manner. I know that can count on private enterprise to interact with the public an an open and honest [enron.com] fashion, and think that your average board of directors [worldcom.com] has a much better handle on what's going on with their company [xerox.com] than some hare-brained committee of bureaucrats has over some bloated, complex government scheme.

    Besides, I don't want such important things left up to some government agency that could disappear from the face of the planet in an instant [fuckedcompany.com]--no, thank you, I'll take private enterprise any day. They're really looking out for what's best for me [riaa.com].

    ...perhaps we should look to Europe [rail.co.uk] for examples of how to do things properly...

  • Bird on a wire (Score:2, Funny)

    by ebonkyre ( 520924 ) on Friday June 28, 2002 @04:42PM (#3788784)
    That sort of security breach would be quickly detected due to the severe signal attenuation caused by the bird's weight dampening the vibration in the string. However, as this technology grows in popularity and is used over longer distances, the amplification needed to combat degradation from the weight of the string would at some point overcome this means of detection - a possible solution would be to talk so loudly that the resulting vibrations would actually knock the bird off.

    This does not address Denial of Service attacks caused by birds attempting to collect bits of the string for nesting material; a preferable solution to both issues would be to run the string inside a conduit with a diameter greater than the maximum amplitude of the carrier waves. Care should be taken to plan ahead and use larger conduits than are currently needed, in order to accomodate future increases in wave size.

    Otherwise, everyone will be clamoring for "fatter pipes".

Slashdot Top Deals

One possible reason that things aren't going according to plan is that there never was a plan in the first place.

Close