SecurityFocus HOME Infocus: WEP: Dead Again, Part 2: "
WEP: Dead Again, Part 2
by Michael Ossmann
last updated March 8, 2005
Introduction
In part one we examined the latest generation of passive WEP cracking tools that use statistical or brute force techniques to recover WEP encryption keys from captured wireless network traffic. This time, in the second and final article, we take a look at active tools that use 802.11 transmissions to attack WEP networks."
If you thought that you could keep your WEP secure...read this and think again. Keep your WiFi in its own DMZ and consider its traffic an open book. -Bryan
Tuesday, March 15, 2005
Wednesday, March 02, 2005
High-Security Locks Are Key In Protecting Game Machine Revenue
High-Security Locks Are Key In Protecting Game Machine Revenue
By Jim Samuel
Locks are a paradox for the gaming industry. Seeming simple mechanical devices that are easy to operate and have remained virtually unchanged for decades, locks can also be one of the most difficult security devices to properly manage.
The cause of the paradox? Like most security issues in casinos, the cause is people. No matter how well a lock performs or how well it is made, it can’t be secure if its keys are improperly managed. The fact is that even the strongest locks cannot protect against lost or duplicate keys.
This is a great article that is written for the casino industry, but has great parallels in any security consideration. Take for instance, the fact that I am contracted to recover or change Windows administrator passwords at least several times per year. All I need is physical access to any system and I can own it within 10 minutes (up to 4 hours in the worst case so far). So all I need is access to the server room to own the server....right? Not quite. All I need is access to any system that is currently or has been on the network that has a valid and cached Domain Admin password. By cracking that system, I can own the Windows Domain/AD servers. It is time to get proper access control and auditing processes into place in today's small business, especially since the tools are already in place, just unused. Access control in a casino may be easier than in the average modern business - which has the better payout?....you decide, it's your money. -Bryan
By Jim Samuel
Locks are a paradox for the gaming industry. Seeming simple mechanical devices that are easy to operate and have remained virtually unchanged for decades, locks can also be one of the most difficult security devices to properly manage.
The cause of the paradox? Like most security issues in casinos, the cause is people. No matter how well a lock performs or how well it is made, it can’t be secure if its keys are improperly managed. The fact is that even the strongest locks cannot protect against lost or duplicate keys.
This is a great article that is written for the casino industry, but has great parallels in any security consideration. Take for instance, the fact that I am contracted to recover or change Windows administrator passwords at least several times per year. All I need is physical access to any system and I can own it within 10 minutes (up to 4 hours in the worst case so far). So all I need is access to the server room to own the server....right? Not quite. All I need is access to any system that is currently or has been on the network that has a valid and cached Domain Admin password. By cracking that system, I can own the Windows Domain/AD servers. It is time to get proper access control and auditing processes into place in today's small business, especially since the tools are already in place, just unused. Access control in a casino may be easier than in the average modern business - which has the better payout?....you decide, it's your money. -Bryan
Subscribe to:
Posts (Atom)