North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WLAN shielding

  • From: Marshall Eubanks
  • Date: Tue Dec 02 22:15:07 2003

On Tue, 2 Dec 2003 20:36:51 -0600
 "Erik Amundson" <[email protected]> wrote:
> 
> 
> 	I have been looking into the Cisco Aironet solution recently for
> a project I'm working on.  They seem to have some great security
> features, if you want to take the time to configure it.  Oh, another
> caveat is that you have to use Cisco's wireless adapter as well,
> otherwise, good ol' WEP for you!

Then I hope you saw this today :

Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP

Revision 1.0

For Public Release 2003 December 02 17:00 UTC (GMT)

- ------------------------------------------------------------------------

Summary
=======
Cisco Aironet Access Points (AP) running Cisco IOS software will send
any static Wired Equivalent Privacy (WEP) key in the cleartext to the
Simple Network Management Protocol (SNMP) server if the snmp-server
enable traps wlan-wep command is enabled. Affected hardware models are
the Cisco Aironet 1100, 1200, and 1400 series. This command is disabled
by default. The workaround is to disable this command. Any dynamically
set WEP key will not be disclosed.

Cisco Aironet AP models running VxWorks operating system are not
affected by this vulnerability. No other Cisco product is affected.

This advisory will be available at
http://www.cisco.com/warp/public/707/cisco-sa-20031202-SNMP-trap.shtml

> 
> 	I haven't thought of the VPN idea that others have spoken of on
> the NANOG list yet...that's a good idea too...hmm....
> 
> - Erik
> 
> 
> 
> -----Original Message-----
> From: Andy Grosser [mailto:[email protected]] 
> Sent: Wednesday, November 26, 2003 11:02 AM
> To: [email protected]
> Subject: WLAN shielding
> 
> 
> Apologies in advance if this may not quite be the proper list for such a
> question...
> 
> My company is investigating the use of wireless in a couple of our
> conference rooms.  Aside from limiting the scope of reception with
> various directional antennae, does anyone have any suggestions or
> pointers for other ways to limit the propagation of signals (i.e.
> special shielding paint, panels or other wall coatings)?
> 
> Feel free to reply off-list.
> 
> Thanks!
> 
> Andy
> 
> ---
> Andy Grosser, CCNP
> andy at meniscus dot org
> ---
> 
> 
> 
>