'Wi-Foo' Author On Trends In Wireless Security

prostoalex writes "Konstantin Gavrilenko from British security firm Arhont, co-author of Wi-Foo: Secrets of Wireless Hacking, recentlly reviewed on Slashdot, answered some of my questions on the current state of wireless security, market conditions for security experts and future trends, such as upcoming 802.1x and 802.11i standards."

Best Quote

[Lord Grey]

Best quote from the interview:

... What's your assessment of the tools available for Windows family of OSs?

Frankly, we try to limit the amount of interaction with MS Windows OS family to "only when it is really necessary".

With any luck at all, the sun will become a relatively small, burnt cinder before that happens.

Re:Wireless Security?

[tupps]

I beleive that a wireless connection to a network should be treated exactly the same way as an internet connection.

Therefore if you are a business and want to give your users access to the entire internal network they should be going through a VPN, the same way an external employee sitting at home would.

At the end of the day the connections are the same, you don't know who might be connecting, and you can't trust anything you send/recieve on the network.

Re:Wireless Security?

[JAD lifter]

To extend the prison metaphor, wouldn't the encryption that you use be the bars?

wi-fi security...

[zxflash]

Good read, the near future should bring some pretty amazing advances to Wi-Fi security (look forward to AES)

Wi-Fi Security [wi-fi.org]

Re:wi-fi security...

[random_culchie]

Its already here.
WPA [com.com] uses AES [rsasecurity.com] (implimented using the Rinjdeal or however its spelt,algorithm). FYI there was nothing seriously wrong with the encryption in WEP. RC4 is a strong algorithm.
However the poor key exchange and flawed generation of Initilisation vectors within WEP are the cause of the flaws. The algorithm itself is solid.
For all intents and purposes WEP would be just as insecure if it used AES insted of RC4.