Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Wireless security question...

from [me] Network Security [Permanent Link]
Subject: Re: Wireless security question...
Date: 28 Oct 2005 19:29:06 -0000 
Marty,

You're using the word "secure" near the word WEP, which is an oxymoron.  WEP is 
not secure, see the article, and the follow up to it, below.  Maybe your 
company should hire a consulting firm for this if these are your companies 
questions.  Do not take that as a slam, but if these are the big concerns for 
you with wireless, then you probably need some outside help.

http://www.securityfocus.com/infocus/1814

See ANSWERS inline - 

The questions we have are:

1- Can a wireless router (installed in their home-office) be
hacked into AND can this hacker take control of the wireless
laptop. If so I would need some detail on how we can prevent
that (besides WEP). Let's assume for the sake of discussion
that there is no WEP encryption on the router.

ANSWER:  If it is jacked in somewhere, it can be hacked.    Hacking a router 
and laptop are two separate things.  Controlling one does not imply 
(necessarily) controlling the other.  If there is no encrytion, you have bigger 
issues.  I hope that they changed the default  password & ssid name.  How do 
you prevent what?  Prevent users from using wireless?  GPO (Windows) or use 
some other end point security software to permanently disable wireless on the 
machines.


2- How easy is it to access the laptop once you're into the
router? Is it child splay or do we need a specialist?

ANSWER:  SEE ABOVE.  Two Separate items.  You now should know the address, but 
that only points you to the device, not how to break into it.


3- If the laptop's wireless router is secured with WEP and
connected to the office via VPN can it be EASILY hacked
into? The VPN connection gives them little access to the
network, barely what they need to work. Will the intruder
have access to our network?

ANSWER:  Secured with WEP doesn't exist.  Suffice to say, if someone can remote 
control a laptop once someone has logged in to your VPN, then yes.  However, if 
they have not logged in to your VPN and you are using 2 factor form 
authentication, it is much more difficult for them to just "hack" into your VPN.

4- How secure is my sales rep. running around hotels with
his laptop?

ANSWER:  What's the question?  Is he connecting up to the network?  How?  What 
data is being tranferred?  What if the laptop is stolen (just as likely)?  
Etc....

Google for WEP, then WPA.  WEP is dead....it is just a minor deterrent now.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Any banking security best practices and survey information?, Andrew Chong
Next by Date:  RE: Wireless security question..., David Gillett
Previous by Thread:  Re: Wireless security question..., groffg
Next by Thread:  RE: Wireless security question..., Hagen, Eric
Indexes:  [Date] [Thread] [Top] [All Lists]