The Hitchhiker's World Issue 5: An unwired Universe, Tales from the Void - assorted topics including race conditions and algorithms, safe security practises etc.
8a72b9c0133b4795344bc8556a4982a0030c31d4decd4b2bc3c5f5ca601dd4ab<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="keywords" content="hitchhiker, security magazine, security holes, exploit, buffer overflow, vulnerability, security writers, malware, virus, trojan, security writers">
<meta name="description" content="The HH's World features mostly network-security articles/programs along with a touch of personal expression. Entries & comments are welcomed.">
<META NAME="AUTHOR" CONTENT="Arun Koshy">
<title>Securitywriters.org - Hitchhiker's World - Zine #5</title>
<link rel="stylesheet" type="text/css" href="libstyle.css">
<script language="JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->
</script>
</head>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="100">
<tr>
<td width="100%" height="43" align="center" class="bluelink">
<p class="title">The Hitchhiker's World <br>
Issue #5</p>
</td>
</tr>
<tr>
<td width="100%" height="19">
<div align="center">
<p><b>Soli Deo gloria - To God alone be glory</b></p>
</div>
</td>
</tr>
<tr>
<td width="100%" height="19">
<p>Released : October 12th' 2002</p>
</td>
</tr>
<tr>
<td width="100%" height="19">
<p>Editor : <a href="mailto:hwcol@arunkoshy.cjb.net">Arun Koshy</a></p>
</td>
</tr>
<tr>
<td width="100%" height="19">
<p>Contributors : <a href="mailto:mrcorp@yahoo.com">Charles Hornat</a></p>
</td>
</tr>
</table>
<p><B><font face="Arial, Helvetica, sans-serif" size="2">DISCLAIMER :</font></B><font face="Arial, Helvetica, sans-serif" size="2">
[Insert the biggest, most comprehensive lawyerspeak here]. <B>Securitywriters.org
(SWG) or the author(s) are NOT RESPONSIBLE for anything</B> that happens to
you, ur cat, dog, sexlife or wife after you go through the information presented
below. Enjoy.</font></P>
<p><font face="Arial, Helvetica, sans-serif" size="2"><br>
<b class="emph">Contents</b><BR>
</font></P>
<UL>
<LI><font face="Arial, Helvetica, sans-serif" size="2"><a href="#ART1">An unwired
Universe</a><br>
<br>
{ Notes : An encyclopedic introduction to wireless technology, a must-read!
} <br>
{ Contrib : Charles Hornat }</font><font face="Arial, Helvetica, sans-serif" size="2"><BR>
</font></LI>
</UL>
<UL>
<LI><font face="Arial, Helvetica, sans-serif" size="2"><A
href="#ART3"> Tales from the Void</A><BR>
<br>
{ Notes : Misc. topics investigated }<br>
{ Contrib : Hitchhiker }</font></LI>
</UL>
<UL>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a
href="#EDIT">Logfile</a><br>
{ News, Views etc }</font></li>
</UL>
<UL>
<li><a href="#CONTRIB"><font face="Arial, Helvetica, sans-serif" size="2">How
can you contribute ?</font></a><font face="Arial, Helvetica, sans-serif" size="2"><br>
{ Procedure for sending submissions for the zine }<BR>
</font></li>
</UL>
<P ></P>
<P ><font face="Arial, Helvetica, sans-serif" size="2">Suggested Links : <a href="hh4.php">Issue
#4</a> , <a href="http://groups.google.com">usenet postings</a></font></P>
<P ><font face="Arial, Helvetica, sans-serif" color="#000000" size="2">Movies
: Race The Sun (James Belushi, Halle Berry)<BR>
<BR>
</font>
<p align="left"><font face="Arial, Helvetica, sans-serif" size="2" color="#000000">Music
: Wheatus (Teenage Dirtbag), Five (cover of Queen's We will rock you), Bryan
Adams (Here I am)<br>
</font></p>
<P>
<hr>
<p> <a name=#ART1></a><span class="text_head1">An unwired Universe<br>
</span><a href="http://www.mrcorp.net" target="_blank"> By Charles Hornat</a>
<p><b><font face="Arial, Helvetica, sans-serif" size="2">Overview</font></b><font face="Arial, Helvetica, sans-serif" size="2"><br>
<br>
After seeing many articles and the huge wave of interest in wireless technology,
I felt it's time for a buffet on the subject, also highlighting the pros and
cons. Here's hoping that, you would gain a better understanding and position
to read further (comfortably) on the subject.<br>
<br>
Please be aware that this is much like a "crash" course, You are adviced
to go thru the references given for further study.</font></p>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b>Quick Jump</b></font></p>
<menu>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#WLANNA">Wireless
LAN Network Architectures</a><br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#WTECH">Wireless
Technologies</a></font></li>
<menu>
<li><font face="Arial, Helvetica, sans-serif" size="2"> <a href="#INFRAW">Infrared
Wireless</a><br>
</font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#RADIOF">Radio
Frequency (RF)</a><br>
</font></li>
</menu>
</menu>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#WPROTO">Wireless
Protocols</a> <br>
<br>
</font>
<ul>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#WAP">Wireless
Application Protocol (WAP)</a> </font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#WGAP">The
WAP Gap.</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#WTLS">Protecting
WTLS WAP Gateways</a><br>
<br>
</font></li>
</ul>
</li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#BLUETOOTH">Bluetooth</a>
</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#BLUESEC">Bluetooth
Security Issues</a></font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#SECBLUE">Securing
Bluetooth</a><br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#802">802.11
Current</a></font>
<ul>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#802CTRL">Access
Control</a></font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#WEP">Wired
Equivalent Privacy (WEP)</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#11bsec">802.11b
Security</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#802future">802.11
Future</a><br>
<br>
</font></li>
</ul>
</li>
</ul>
</li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#TOP5">Top 5
Security Issues</a></font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#EAVS">Eavesdropping</a></font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#LOSSDEV">Theft
or Loss of wireless devices</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#DOS">Denial
of Service</a></font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#VIRUS">Viruses</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="#MASQ">Masquerading</a><br>
<a href="#CHTSHEET"><br>
</a></font></li>
</ul>
</li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#CHTSHEET">Wireless
Cheat Sheet</a><br>
<br>
</font></li>
<li><font size="2" face="Arial, Helvetica, sans-serif"><a href="#BTVS802">Bluetooth
vs. 802.11. 10</a></font></li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b><a name="WLANNA"></a>Wireless
LAN Network Architectures</b></font></p>
<ol>
<li><font face="Arial, Helvetica, sans-serif" size="2"><b>Ad-Hoc :</b> is a
peer-to-peer setup where one wireless client talks directly to another without
passing through any additional access point or proxy. A common network
identifier is used for peers to communicate with each other.<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><b>Single Point of Access
:</b> an <i>AP (Access Point)</i> is used in this type of setup to connect
wireless users to a wired network. This acts like a bridge between the wireless
users and the network with which they wish to connect to. The AP is responsible
for authenticating the wireless users via password and <a href="http://www.pcwebopaedia.com/TERM/M/MAC_address.html" target="_blank">MAC
address</a>. Network performance is inversely proportional to the distance
between the node and its AP.<br>
<br>
E.g. A system that is 5 feet from the Access Point could monopolize the bandwidth
from other nodes while another one 20 feet away could experience degraded
network performance.<br>
<br>
The area surrounding the AP is called <i>“Basic Service Set”, or BSS</i>.
<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><b>Multiple Access Point
:</b> This setup allows multiple APs for the network. The network “hand-off”
the users' info and ensures the best network performance available by allocating
the closest free AP.</font></li>
</ol>
<h1><font face="Arial, Helvetica, sans-serif" size="2"><a name=WTECH>Wireless
Technologies</a> </font></h1>
<h2><font face="Arial, Helvetica, sans-serif" size="2"><a name=INFRAW>Infrared
Wireless</a></font></h2>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> 2mbps</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Can not penetrate opaque
objects</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Uses direct or diffused
technology</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Directed (Requires
line of sight)</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Diffused (Limited
to short distances such as a single room)<o:p></o:p></font></li>
</ul>
</li>
</ul>
<h2><font face="Arial, Helvetica, sans-serif" size="2"><a name=RADIOF>Radio Frequency
(RF)</a></font></h2>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Most use 2.4 GHz frequency
range</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Most popular WLAN technology</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Covers long ranges</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Includes narrowband and
spread spectrum technology</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Previous versions ran
at 2 mbps</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Current run at 11 mbps</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">New standards allow use
at 54 mbps<o:p></o:p></font></li>
</ul>
<h1><font face="Arial, Helvetica, sans-serif" size="2"><a name=WPROTO>Wireless
Protocols</a></font></h1>
<h2><font face="Arial, Helvetica, sans-serif" size="2"><a name=WAP>Wireless Application
Protocol (WAP)</a></font></h2>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Operates over a multitude
of different wireless technologies:</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Cellular Digital
Packet Data (CDPD)</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Code Division Multiple
Access (CDMA)</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Global System (GSM)<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Built in security at
the transport lawyer similar to SSL</font> </li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Enables a multitude of
wireless devices including cell phones and PDAs to have a common way to access
the internet<o:p></o:p></font></li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=WGAP>The WAP Gap</a></font></h3>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">WAP (Wireless
Application Protocol) has an issue commonly referred to as the “WAP gap.” </font></p>
<table width="75%" border="0">
<tr>
<td>
<div align="center"><img src="wsimgs/cell.gif" width="79" height="95"><br>
<font size="1" face="Arial, Helvetica, sans-serif">Wireless device</font><br>
</div>
</td>
<td>
<div align="center"><br>
<img src="wsimgs/arrow.gif" width="102" height="14"><br>
<font face="Arial, Helvetica, sans-serif" size="2">(WTLS) </font><br>
</div>
</td>
<td>
<div align="center"><img src="wsimgs/server.gif" width="97" height="93"><br>
<font size="1" face="Arial, Helvetica, sans-serif">WAP Gateway</font>
</div>
</td>
<td>
<div align="center"><img src="wsimgs/arrow.gif" width="102" height="14"><br>
<font face="Arial, Helvetica, sans-serif" size="2">(TLS/SSL)</font></div>
</td>
<td>
<div align="center"><img src="wsimgs/compy.gif" width="107" height="93"><br>
<font size="1" face="Arial, Helvetica, sans-serif">Internet Server</font>
</div>
</td>
</tr>
</table>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">WTLS: Wireless Transport
Layer Security<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Used in versions prior
to WAP 2.0<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Requires the WAP Gateway
to decrypt WTLS transmissions and the re-encrypt as TLS/SSL<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Sensitive data is exposed
as it traverses the gateway</font></li>
</ul>
<p class=MsoNormal style="MARGIN-LEFT: 0.25in"><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p>If
an attacker were to compromise the wireless gateway, she would be able to access
all of the secure communications traversing the network juncture.<span style="mso-spacerun: yes"> </span>The
wireless carrier usually controls the gateway.<span
style="mso-spacerun: yes"> </span>The user will not be able to gain any
knowledge regarding the security in place at the gateway.<span
style="mso-spacerun: yes"> </span>This setup requires that the users implicitly
trust that the gateway is secure and monitored.</font></p>
<p class=MsoNormal style="MARGIN-LEFT: 0.25in"><font face="Arial, Helvetica, sans-serif" size="2"><o:p> </o:p>WTLS
is replaced by TLS in WAP 2.0.<span style="mso-spacerun: yes"> </span>The
gateway above is no longer needed to translate (decrypt from one standard and
re-encrypt to another) since the Internet servers are able to interpret the
TLS transmission directly.<span
style="mso-spacerun: yes"> </span>All data remains encrypted as it passes
through the gateway.<span style="mso-spacerun: yes"> </span>Since there
is such a large difference in WAP technologies, the implementation of WAP 2.0
may take a long time.<o:p></o:p></font> </p>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=WTLS>Protecting
WTLS WAP Gateways</a></font></h3>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Ensure the WAP Gateway
never stores decrypted content on secondary media<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Implement additional
security at the higher layers<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Secure the WAP gateway
physically so that only administrators have access to the system console<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Limit administrative
access to the WAP gateway so that is not available to any remote site outside
the firewall<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Disconnect WAP application
from the rest of the network<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Add WAP devices to your
<a href="http://www.pcwebopaedia.com/TERM/P/PKI.html">PKI</a> infrastructure</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p> </o:p></font></li>
</ul>
<h2><font face="Arial, Helvetica, sans-serif" size="2"><a name=BLUETOOTH>Bluetooth</a></font></h2>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Can be used to almost
connect any device to another device<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Operates at the 2.4
GHZ ISM Frequency band<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Supports a range of
30 feet<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Maximum bandwidth is
1 MB/s<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Devices don’t need to
be “line of sight”<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Supports data, voice,
and content-centric applications<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Uses FHSS at up to 1600
hops per second<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Signal hops among 79
frequencies at 1 MHz intervals for a high degree of interference immunity<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Up to seven simultaneous
connections can be established and maintained<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Will be embedded in
future versions of Microsoft Windows and Pocket PC’s</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">Each Bluetooth
device stores the following:</font></p>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2">48-bit unique device
address<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">128-bit unique unit
key</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">Each connection
has a link key associated with it, this is used to generate the encryption key.
The link key value is chosen during connection setup for two devices that have
not previously communicated.<span
style="mso-spacerun: yes"> </span>After this is done, it is used for authentication.</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></p>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=BLUESEC>Bluetooth
Security Issues</a></font></h3>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2">The link key is not
really secret, connections can be eavesdropped and deciphered<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">The encryption can be
broken in some cases<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">A device’s address is
unique – by tracking a particular address a person’s activities can be tracked<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">A 4-digit PIN code must
be entered manually each time the device is used and this can be considered
a hassle<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">To avoid the hassle of
entering the 4-digit PIN code each time, the PIN code can be stored in the
devices memory or hard drive creating an inherent security vulnerability<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">The user chooses the
PIN code, and the PIN code requires no type of complexity.<span style="mso-spacerun: yes">
</span>Users can use ‘0000’ or ‘1234’</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=SECBLUE>Securing
Bluetooth</a></font></h3>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><o:p> </o:p>The
Bluetooth specification defines 3 security modes:</font></p>
<p class=MsoNormal
style="MARGIN-LEFT: 0.5in; TEXT-INDENT: -0.25in; tab-stops: list .5in; mso-list: l13 level1 lfo18">
<font face="Arial, Helvetica, sans-serif" size="2">Non-secure - Non-secure mode
does not initiate any kind of security.</font></p>
<p class=MsoNormal
style="MARGIN-LEFT: 0.5in; TEXT-INDENT: -0.25in; tab-stops: list .5in; mso-list: l13 level1 lfo18">
<font face="Arial, Helvetica, sans-serif" size="2">Service-level security -
In Service-level security, security policies are defined by the access requirements
of the application the user is using.</font></p>
<p class=MsoNormal
style="MARGIN-LEFT: 0.5in; TEXT-INDENT: -0.25in; tab-stops: list .5in; mso-list: l13 level1 lfo18">
<font face="Arial, Helvetica, sans-serif" size="2">Link level Security - Security
standards are established before the link setup is complete.<span
style="mso-spacerun: yes"> </span></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">Most of
the problems associated with Bluetooth are inherent in the Bluetooth protocol
and implementation. Best practices to date suggest:</font></p>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Implement the necessary
authentication<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Implement the necessary
encryption mechanisms at the application layer<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Avoid the use of Unit
keys, use combination keys instead<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><span style="mso-bidi-font-size: 11.5pt">Perform
the bonding in an environment that is as secure as possible against eavesdroppers,
and use long random Bluetooth passkeys.</span></font></li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><span style="mso-bidi-font-size: 11.5pt">For
specific implementations and security concerning those implementations, please
see the white-paper on Bluetooth security at: <a href="http://www.bluetooth.com/upload/24Security_Paper.PDF">http://www.bluetooth.com/upload/24Security_Paper.PDF</a></span></font></p>
<h2><font face="Arial, Helvetica, sans-serif" size="2"><a name=802>802.11 Current</a></font></h2>
<p><font face="Arial, Helvetica, sans-serif" size="2">802.11 supports 3 physical
layers</font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Infrared</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Radio Frequency</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">FHSS-Frequency Hopping
Spread Spectrum</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">DSSS-Direct Sequence
Spread Spectrum<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Technology spread into
802.11a, 802.11b, 802.11g</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">802.11b supports
up to 11 Mbps at 2.4 GHz</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">802.11a supports
up to 54 Mbps at 5 Ghz</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">802.11g supports
up to 54 Mbps at 2.4 Ghz</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">802.11b only uses
DSS which allows greater throughput but is more susceptible to radio signal
interference</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">802.11a are up to
<span class=GramE>5x</span> faster than 802.11b nets, but are not interoperable
with 802.11b nets.</font></li>
</ul>
</li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=802CTRL>Access
Control</a></font></h3>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Media Access Control
(MAC) filtering<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Perform Service Set Identifier
(SSID)</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=WEP>Wired Equivalent
Privacy (WEP)</a></font></h3>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Encrypts data with
40 or 128 bit keys<br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Automated tools exist
to crack WEP encryption keys<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Exploits weakness in
RC4 key scheduling algorithm<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">AirSnort tool can compute
the key in less than 1 minute of sniffing wireless communication<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Completely passive attack
making it extremely difficult to detect<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Tools used to perform
attack are freely available for download on the internet</font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=11bsec>802.11b
Security</a></font></h3>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b
style="mso-bidi-font-weight: normal">Problems<o:p></o:p></b></font></p>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Media Access Control
(MAC) <span
class=GramE>address</span> filtering - can be sniffed and spoofed<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Service Set Identifier
(SSID) - broadcast by access points and should not be considered secret<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> The SSID can be easily
sniffed<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">WEP Encryption can be
easily cracked<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">40 or 128 bit Wired
Equivalent Privacy - has been broken using tools like:</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Airsnort: <a
href="http://airsnort.sourceforge.net/">http://airsnort.sourceforge.net/</a></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">WEPCrack: <a
href="http://sourceforge.net/projects/wepcrack">http://sourceforge.net/projects/wepcrack</a></font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
</li>
</ul>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b
style="mso-bidi-font-weight: normal">Solutions<o:p></o:p></b></font></p>
<ul>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Use a strong Authentication
Mechanism<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Require mutual authentication
between client and server<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2">Utilize end-to-end encryption
at the higher protocol layers (e.g. SSH and SSL) - Using a VPN solution to
replace WEP<br>
<br>
</font></li>
<li> <font face="Arial, Helvetica, sans-serif" size="2"> Configure the Access
Points to keep silent about the SSID - Disable the Access Points beacon signal
and configure it to ignore anonymous request for the SSID.<span style="mso-tab-count: 1"> </span></font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></li>
</ul>
<h3><font face="Arial, Helvetica, sans-serif" size="2"><a name=802future>802.11
Future</a></font></h3>
802.11c – support for 802.11 frames
<p>802.11d – support for 802.11 frames, new regulations</p>
<p>802.11e – QoS enhancements in the MAC</p>
<p>802.11f – Inter Access Point Protocol</p>
<p>802.11g – High Rate or Turbo Mode – 2.4GHz bandwidth extension to 22Mbps</p>
<p>802.11h – Dynamic Channel Selection and Transmit Power Control</p>
<p>802.11i – Security Enhancement in the MAC</p>
<p>802.11j – 5 GHz Globalization among IEEE, ETSI Hiperlan2, ARIB, HiSWANa</p>
<p class=MsoNormal style="mso-layout-grid-align: none"><font face="Arial, Helvetica, sans-serif" size="2"><a name=TOP5><b>Top
5 Security Issues</b></a></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">Most information
below was gathered from SANS, Information Security Magazine and other top information
security resources.<o:p></o:p></font></p>
<p class=MsoNormal><b><font face="Arial, Helvetica, sans-serif" size="2"><a
name=EAVS>Eavesdropping</a></font></b></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Issues</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Attackers can gain
access to wireless transmissions without being close to the network.<span
style="mso-spacerun: yes"> </span></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Difficult to detect
if someone is eavesdropping</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">An attacker can gather
critical or confidential material<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Steps to protect</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Use encryption like
SSH, SSL, IPSec or VPN </font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Prevent the Access
Point from broadcasting the SSID</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Use authentication
and access control (SSID and MAC address filtering) to prevent attackers
from being able to connect to your network</font></li>
</ul>
</li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b><a
name=LOSSDEV>Theft or Loss of wireless devices</a></b></font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"> Risk</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Wireless devices
can be stolen or lost</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Devices can contain
confidential corporate information</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">An Attacker can gain
access to the network via a stolen device and information on that device</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Data on wireless
devices is stored in clear text <br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Minimizing the Risk</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Audit wireless devices
in your environment regularly</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Develop strict guidelines
and policies for connecting wireless devices to the network</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Personal Use
Restrictions Policy</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Enforce a Password
Policy</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Antivirus Policy</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Encrypt the data
that is stored on the wireless devices</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Strong authentication</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Device Access Controls
and Secure Configuration</font></li>
</ul>
</li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b><a
name=DOS>Denial of Service</a></b></font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Issues</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">An attacker can jam
all communications on the wireless side </font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Cost to perform a
DOS is minimal</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Attack is simple
to perform and can be done from common tools easily found on the Internet<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Steps to protect</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">In small environments
use Infrared instead of RF if possible</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Operate wireless
networks only from shielded buildings</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">A DOS attack is very
difficult to defend against.<span style="mso-spacerun: yes"> </span>When
under such an attack, locate and disable the attacking device</font></li>
</ul>
</li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b><a
name=VIRUS>Viruses</a></b></font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">The threat from malware
has always been there for almost all popular platforms. Now virus writers
are trying out some specific techniques for wireless devices/networks. <br>
<br>
</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Though a bug in the wild
is yet to happen (specifically aimed at wirless), many proof of concept efforts
are already out there (e.g. <a href="http://www.trendmicro.com/en/about/news/pr/archive/2000/pr092200.htm">Phage</a>).
<br>
<br>
</font></li>
<li>A relatively slow scene does'nt mean you can relax, correct defenses have
to be put in place for future contingencies.<br>
<br>
</li>
<li>Reliable and comprehensive anti-virus solution(s) have to be installed at
various entry points (mail,web,gateway etc). Companies in the loop include
F-Secure, Kaspersky, Trend Micro, Network Associates, Symantec etc.</li>
</ul>
<p><font face="Arial, Helvetica, sans-serif" size="2"><b><a
name=MASQ>Masquerading</a></b></font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"> Issues</font> <br>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Rogue clients pretend
to be a legitimate endpoint<span style="mso-tab-count: 1">
</span></font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">An attacker could
obtain a working IP address via DHCP or by guessing</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">A Rogue client
becomes a node on the internal net behind all firewalls<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Rogue Access Points
could trick clients into logging in</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Attackers would
need to place the rogue Access Points strategically to present the
strongest signal </font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">This would allow
an attacker to harvest critical or confidential information or authentication
credentials<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Difficult to detect
this attack<br>
<br>
</font></li>
</ul>
</li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Steps to protect</font>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Clients must be authenticated
before being allowed to connect<span style="mso-spacerun: yes">
</span></font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Use Strong authentication
mechanisms that an attacker could not spoof like Public Key authentication</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2">Choose authentication
mechanisms that will not reveal credentials or critical or confidential
information (passwords) to a rogue Access Point</font><font face="Arial, Helvetica, sans-serif" size="2">
</font> </li>
</ul>
</li>
</ul>
<h1><font face="Arial, Helvetica, sans-serif" size="2"><a name=CHTSHEET>Wireless
Cheat Sheet</a></font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></h1>
<table class=MsoNormalTable
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; WIDTH: 347.4pt; BORDER-BOTTOM: medium none; BORDER-COLLAPSE: collapse; mso-border-alt: solid #999999 .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-border-insideh: .5pt solid #999999; mso-border-insidev: .5pt solid #999999"
cellspacing=0 cellpadding=0 width=463 border=1>
<tbody>
<tr style="mso-yfti-irow: 0">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 0.95in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt"
valign=top width=91>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b>Protocols<o:p></o:p></b></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1.25in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt"
valign=top width=120>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b>Operates
at<o:p></o:p></b></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt"
valign=top width=96>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b>Range<o:p></o:p></b></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 117pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt"
valign=top width=156>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><b>Max
Bandwidth<o:p></o:p></b></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 0.95in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=91>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">Bluetooth</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1.25in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=120>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">2.4
GHZ</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=96>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">30
Feet</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 117pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=156>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">1
MB/s</font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 0.95in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=91>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">802.11a</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1.25in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=120>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">5
GHz</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=96>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">60
Feet</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 117pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=156>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">6-54
Mbps</font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 0.95in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=91>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">802.11b</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1.25in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=120>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">2.4
GHz</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=96>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">300
Feet</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 117pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=156>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">5.5-11
MB/s</font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4; mso-yfti-lastrow: yes">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 0.95in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=91>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">802.11g</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1.25in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=120>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">2.4
GHZ</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 1in; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=96>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">300
Feet</font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 117pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=156>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2">54
Mbps</font></p>
</td>
</tr>
</tbody>
</table>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">(Table 1<span
class=GramE>:Comparison</span>)<o:p></o:p></span></font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font><font face="Arial, Helvetica, sans-serif" size="2"><o:p></o:p></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><o:p><img src="wsimgs/bltooth.jpg" width="578" height="328"></o:p></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=FR
style="FONT-SIZE: 10pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt">(Figure
1: <a
href="http://www.btdesigner.com/pdfs/KenNoblittComparison.pdf">http://www.btdesigner.com/pdfs/KenNoblittComparison.pdf</a>)<o:p></o:p></span></font><font face="Arial, Helvetica, sans-serif" size="2"><span lang=FR
style="FONT-SIZE: 10pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt"><o:p></o:p></span></font></p>
<h1><font face="Arial, Helvetica, sans-serif" size="2"><a name=BTVS802></a><span class=SpellE><span
style="mso-bookmark: _Toc11138673"><span lang=FR
style="mso-ansi-language: FR">Bluetooth</span></span></span><span
style="mso-bookmark: _Toc11138673"><span lang=FR style="mso-ansi-language: FR">
vs. 802.11</span></span><span lang=FR
style="mso-ansi-language: FR"><o:p></o:p></span></font></h1>
<table class=MsoNormalTable
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none; BORDER-COLLAPSE: collapse; mso-border-alt: solid #999999 .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-border-insideh: .5pt solid #999999; mso-border-insidev: .5pt solid #999999"
cellspacing=0 cellpadding=0 border=1>
<tbody>
<tr style="mso-yfti-irow: 0">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=SV
style="mso-ansi-language: SV">802.11<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #999999 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=SV
style="mso-ansi-language: SV">Bluetooth<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=SV
style="FONT-SIZE: 10pt; mso-ansi-language: SV; mso-bidi-font-size: 12.0pt">fast<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Cheap<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Ethernet Compatible<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Small transceiver<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Has been around longer,
more mature<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Still emerging technology<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Requires more handheld-sized
devices or phone power than they can supply</span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Low Power<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">300 plus feet range<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">30 feet<o:p></o:p></span></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 6">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Uses IP connection<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><o:p> </o:p></font></p>
</td>
</tr>
<tr style="mso-yfti-irow: 7; mso-yfti-lastrow: yes">
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: #999999 1pt solid; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">6-54 Mbps throughput<o:p></o:p></span></font></p>
</td>
<td
style="BORDER-RIGHT: #999999 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: medium none; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; WIDTH: 221.4pt; PADDING-TOP: 0in; BORDER-BOTTOM: #999999 1pt solid; mso-border-alt: solid #999999 .5pt; mso-border-left-alt: solid #999999 .5pt; mso-border-top-alt: solid #999999 .5pt"
valign=top width=295>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="FONT-SIZE: 10pt; mso-bidi-font-size: 12.0pt">Less than 2 Mbps throughput<o:p></o:p></span></font></p>
</td>
</tr>
</tbody>
</table>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=FR
style="FONT-SIZE: 10pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt">(Table
2: <a
href="http://www.kerton.com/papers/BT-WF.pdf">http://www.kerton.com/papers/BT-WF.pdf</a>)<o:p></o:p></span></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span lang=FR
style="FONT-SIZE: 10pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt"><o:p>Hope
this helped. See you next time.</o:p></span></font></p>
<hr>
<p> <A name=#ART3></A><span class="text_head1">Tales from the Void<br>
</span><a href="http://www.arunkoshy.cjb.net" target="_blank"> By Arun Darlie
Koshy</a>
<p> This section would be totally non-linear and would graph out into diverse
areas, but a common theme would be there .. on the way we may build up system
utilities, viruses, firewalls or anything which you and i can think about.
<p>It's to see possible ways someone can exploit a feature or concept in today's
infostructure (hardware, software nething..).
<p>[29.09.02]
<p><b>If something can become a race conditon, it will..</b><b><br>
<br>
</b>
<p>For a student interested in OS design, understanding process management is
essential. Here are my notes.. if nothing else, it will give some reassurance
to another soul who maybe caught up in the same problem.
<p>Before starting out, the book we're discussing :
<ul>
<li><a href="http://www.cs.vu.nl/%7East/">Operating Systems : Design and Implementation
2e (by AST, published by Prentice Hall)</a> (Ref #1)</li>
</ul>
<ul>
<li>Other reference materials used would be indicated at that point. Familiarity
with OS concepts and assembler/C is assumed.</li>
</ul>
<p>Objectives :</p>
<ol>
<li>Processes need to communicate with each other effectively, without errors
and in proper order<br>
<br>
</li>
<li>The IPC (inter-process communication) model should be abstract (high-level)</li>
</ol>
<p><b>Race Conditions :</b><br>
means exactly what it says. It is a sitiuation brought about by two processes
or more processes running in the<br>
same time slice (actually, same is a bit inaccurate, as only one process is
having the CPU at a given instant).</p>
<p>Let's look at the example of the print spooler (pg.57, section 2.2.1, Ref #1)</p>
<p>We have a standard printer daemon (program handling print requests across the
OS) which has a "spooler directory" containing filenames. Lets make
two variables "out" and "free". </p>
<p>("out" : next file to print, "free" : the next free slot)</p>
<p>Slot 1: |nuke.txt| (out)<br>
Slot 2: |terror.txt|<br>
Slot 3: |biowar.pdf|<br>
Slot 4: |tempest.xls|<br>
Slot 5: |prnlog.lst|<br>
Slot 6: |drive.txt|<br>
Slot 7: (free)<br>
..<br>
Slot n:</p>
<p>Let's now imagine two processes named, Tom n Jerry, (i.e Process T n Process
J) want to print and it happens at the same instant. </p>
<p>T reads "free" and sees that the next free slot is 7, and stores
it locally (say in T_Slot). Just then, say the scheduler interrupts and switches
to process J. It also sees the 7, stores the name of its file, updates free
to be slot 8.</p>
<p>Now T comes back to life, and starts from where it left, it looks at T_Slot,
sees the 7 and writes the its file (overwriting J's fn) and updates free to
slot 8.</p>
<p>We witnessed a race condition... right now, above. J will never get its printout
for apparent reasons. Please read this again and again, if u did'nt get it at
once. You have to visualize.</p>
<p>So the next question is how to avoid race conditions ? The answer is <i>mutual
exclusion</i> which basically means that if one process is using a shared resource
(variable,file,printer .. nething), then the other processes CANNOT use the
same resource.</p>
<p><a name="ARC"></a>Four conditions for a good solution (to avoid race conditions)
are :</p>
<ul>
<li>Only one process can be in it's (CR) critical region at a time ( CR refers
to the part of the program which uses the shared resource )</li>
</ul>
<ul>
<li>We cannot make any assumptions about the hardware</li>
</ul>
<ul>
<li>No process outside it's CR can block another process</li>
</ul>
<ul>
<li>Infinite waiting periods must be ruled out (i.e we must be sure that no
sitiuation leads to a process waiting forever to enter it's CR)</li>
</ul>
<p>We will now consider some solutions discussed in the book :
<ul>
<li>A simple solution would be to disable all interrupts just after entering
the CR, and enable them just before leaving (process switching won't happen
a clock interrupt) .. this ensures the process can access the shared resource
without getting disturbed.</li>
</ul>
<ul>
<li>But, in the final analysis, the power to turn off interrupts should be reserved
with the OS (for attending to its own mutual exclusion needs while updating
system lists, variables etc). The user should'nt be allowed to this as a rogue
program (or a poorly written one) can cause the system to malfunction (say
a process forgets to enable the interrupts).</li>
</ul>
<ul>
<li>Next we consider the concept of lock variables, say we have a single, shared
variable called<i> lock. </i>We can use this in the following manner, if the
lock is 0, it means that no process is in the critical region else its 1.
So, when process T wants to enter its CR, it will first check if the lock
is 0, then set it to 1 and proceed. Incase it finds it to be 1, it means already
another process is in a CR, and T has to wait.</li>
</ul>
<ul>
<li>I hope u did'nt read the above without an alarm sounding in ur brain. The
word "shared" .. we spot our old culprit, again a race condition
can happen with the solution itself, stop reading here, take a minute or two
off to think how.</li>
</ul>
<ul>
<li>It happens when say, process T reads the lock and sees its 0 and is about
to set it to 1, at that instant process J kicks in does the same check, sets
it to 1, now when process T resumes, it also sets the lock to 1 and both of
them goto their CRs at the same time. <br>
<br>
The following code snippet may help in visualizing :<br>
<br>
<span class="code"> loop_enter_cr :<br>
mov cx, lock<br>
cmp lock, 0 ;problem
occurs, when J gets control at this instant<br>
mov lock, ax ;where
ax=1, when T resumes, its at this position .. now both T & J set the lock
to 1<br>
jne loop_enter_cr<br>
ret
;return to caller, ready to enter
CR<br>
</span><br>
</li>
<li>The next solution to be considered is that of <i>strict alternation</i>.
Before we step into that, here are the code snippets of process T & J
for this study :<br>
<br>
<table width="75%" border="0">
<tr>
<td>
<p><font face="Arial, Helvetica, sans-serif" size="2" class="code">Process
T <br>
<br>
while (TRUE) {<br>
while (turn!=0) ; //loop till turn becomes 0<br>
critical_region();<br>
turn=1;<br>
noncritical_region();<br>
} <br>
<br>
</font></p>
</td>
<td><font face="Arial, Helvetica, sans-serif" size="2" class="code">Process
J <br>
<br>
while (TRUE) {<br>
while (turn!=1) ; //loop till turn becomes 1<br>
critical_region();<br>
turn=0;<br>
noncritical_region();<br>
} <br>
<br>
Ref : Pg.60, Chap 2, Process, Ref #1</font></td>
</tr>
</table>
<br>
Before you begin to analyze what happens, please refresh yourself on the <a href="#ARC">rules
for a good solution.</a> Now, think about if the above is a good solution<br>
<br>
In the next update we will discuss the above (i.e why it is not acceptable),
Peterson's Solution, Producer-Consumer problem, semaphores, monitors, message
passing etc. In the final part, we will go thru some classical IPC problems.<br>
</li>
</ul>
<p>[26.09.02]
<p><b>Ease of Use > Security</b>
<p>It is absolutely true. People are lazy. They don't like to read manuals, use
complicated software or observe safe practises.
<ul>
<li>Maintain encrypted filesystems for all personal work/details (almost all
my data). This is the only place where you need to physically enter a password
(fairly complex).</li>
</ul>
<ul>
<li>All passphrases used are <a href="http://www.winguides.com/security/password.php">program
generated</a> and then a bit of personally introduced noise is added. Most
of them are as much as the buffer permits. Of course, this is not memorized,
it is stored in a file kept in the fs. When entry is required, it is done
via simple cut-paste. This makes the process a bit more intruder-resistant
(keyloggers etc).</li>
</ul>
<ul>
<li>Whenever sensitive information needs to be transmitted, especially via e-mail,
use <a href="http://www.pgpi.org" target="_blank">PGP</a> and further wrappers.
Personally, I prefer DSS (maximal).</li>
</ul>
<ul>
<li>Default = Unsafe (whatever program, solution, protocol et.al)</li>
</ul>
<ul>
<li>Use a non-standard mail client, this reduces your risk to exploits related
to some particular client (more applicable under Windows).</li>
</ul>
<ul>
<li>You develop an intuitive sense about ur system as time passes. Anything
that seems out of the ordinary on a given day usually does indicate some problem
(say it takes longer to boot, run a program or ur system is throwing up weird
errors). Learn to respond to this intuition.</li>
</ul>
<ul>
<li>Learn about various protocols, and learn to use the more secure ones (even
if they are harder to use) .. eg. select ssh over telnet.</li>
</ul>
<ul>
<li>Never trust closed-source software completely. Infact, never trust completely
:)</li>
</ul>
<hr>
<p><font face="Arial, Helvetica, sans-serif" size="2"><a name=EDIT></a><span class="text_head1">Logfile</span><br>
<br>
<b>[September - October]</b></font> </p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">India's premier and one
of the world's most respected institutes - IIT, Madras - held Shastra' 02,
a tech festival. Ayan is involved in the organization and hosting of AI-Bots
(mentioned earlier in this column). Learn more about it at <a href="http://www.shaastra.iitm.ac.in" target="_blank">www.shaastra.iitm.ac.in</a>
. </font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">I hate intrusive technology
(Cells, Laptops, PDAs..). Strange, I feel this way considering my area of
work. But its something I cannot deny. There should be moments when a human
being is detached from technology .. away from it all. Someday when God permits,
I like be someplace where the air is devoid of info-electrons (seeking utopia
in today's world i guess :-) ). I prefer being unwired and real.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Take a look at Bill Joy's
brilliant article (circa 99) <a href="http://www.humancapitall.com/arunkoshy/billjoy.htm" target="_blank">"Why
the future doesn't need us"</a>.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Check <a href="http://web.mit.edu/newsoffice/nr/2002/nevanlinna.html">http://web.mit.edu/newsoffice/nr/2002/nevanlinna.html</a>
, amazing achievement.. intellectual giants.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Mark this site <a href="http://www.linux-box.org" target="_blank">http://www.linux-box.org</a>
, seems to be a really good source on linux security.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Check out <a href="http://www.winguides.com/security/password.php" target="_blank">http://www.winguides.com/security/password.php</a>
, an excellent web-based utility.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Remembered something..
take a look at the illustrations given in the Jurassic Park (the book, before
each new chapter) .. though it is sacrilege for purists, this may prove interesting
enough for you to get started on chaos theory. A book by James Gleick called
"Chaos" is also a good intro. It may also help you to understand
the world we live in today and the events taking place.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Guitar players who I
really wish were my neighbours :-) .. Jimi Hendrix ( the man who started it
all ), Van Halen ( listen to a solo on MJ's Beat It apart from his own work
), Joe Satriani (God's own guitar player), Slash (for his pentatonic work
and a timeless "Sweet Child O Mine"), Nuno Bettencourt ( "More
than Words" .. vindicated my trust in the acoustic guitar) and Billie
Joe Armstrong (for "Time of your life").</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Wrote <a href="http://www.humancapitall.com/arunkoshy/run.htm" target="_blank">"Run"</a>
.. a positive poem for change :-). Listened to Kishoreda's "Neele Neele
Ambar par" after a long time.. I still want to know who played the guitar
on this song .. amazing acoustic performance.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">It's so funny how so
many people want to put you down. But they can't stop you from flying unless
you want them to. Like someone wise said (and recently i was reminded by Stat)
"Your are your own worst enemy". </font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Velocity is what scares
the average. They get scared by speed .. of brilliance, achievements, they
try to downplay it, tell you that you're like them.. carry on fools, i am
having so much fun.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Learn to use your anger
in a positive way. Let it be the fuel, power to a life extraordinary, I've
realized that that the key for not being a face in the crowd is .. stay away
from it. </font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Appa always says "Remember
the loneliness of the long distance runner".. nothing grand, simple words,
always rings true.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Today was one of those
days, long, weird, happy and sad. Anyways, I wrote a <a href="http://www.humancapitall.com/arunkoshy/moment.htm" target="_blank">poem</a>
on it, so all well. </font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">The world is like a mirror,
it will present to you exactly what you want to see or do. We all say that
there is "grey", but its my strong feeling that it often boils down
to simple wrong and right.</font></li>
</ul>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2">Check this out, *nix's
fav daemon's distro site gets hacked and replaced with a rogue version, I
guess its <a href="http://www.cert.org/advisories/CA-2002-28.html" target="_blank">sendmail
blues</a>.<br>
</font></li>
</ul>
<p ><font face="Arial, Helvetica, sans-serif"><span class="text_head1"><a name="CONTRIB"></a>Contribute!
Learn! Discuss!</span><br>
<br>
<span class="text_head2">Contact:</span><br>
You're invited to send in your entries, comments et.al for publication to <a
href="mailto:hwcol@arunkoshy.cjb.net">hwcol@arunkoshy.cjb.net</a> </font></p>
<p><font face="Arial, Helvetica, sans-serif"><span class="text_head2">Hot Topics
(but definitely not restricted to):</span><br>
algorithms, stuff related to systems programming and applied network security.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><span class="text_head2">Style:</span><br>
SWG advocates a "hands-on" approach .. Get to the code or point. Provide references
and links if necessary (especially if you're presenting a fresh perspective
on something already known). </font>
<p>
<p>
</td>
</tr>
<tr>
<td colspan="2">
<div align="center" class="unnamed1"><span class="footer"><a href="http://www.Infosecwriters.com"><font size="1" face="Arial, Helvetica, sans-serif">Home</font></a><font size="1" face="Arial, Helvetica, sans-serif">
|<a href="http://www.Infosecwriters.com/about.php"> About Us</a> |<a href="http://www.Infosecwriters.com/contact.php">
Contact Us</a> |<a href="http://www.Infosecwriters.com/privacy.php"> Privacy
Policy</a> | <a href="http://www.Infosecwriters.com/map.php">Site Map</a>
</font></span></div>
<p align="center"><font size="1" face="Arial, Helvetica, sans-serif"><span class="footer">All
images, content & text (unless other ownership applies) are © copyrighted
2003, Infosecwriters.com. All rights reserved. Comments are property of
the respective posters.</span></font></p>
</td>
</tr>
</table>
</body>
</html>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed