Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Wireless security question...

from [Fred Cohen] Network Security [Permanent Link]
Subject: Re: Wireless security question...
Date: Fri, 28 Oct 2005 15:06:14 -0700 

On Oct 27, 2005, at 4:11 PM, Marty wrote:

 Hi,

We're having an in-house discussion regarding the risk
related to wireless security.

The mobile users would like to be able to use the wireless
technology within their laptops to access the office while
they are away. Right now we don't allow wireless access
points.

The questions we have are:

1- Can a wireless router (installed in their home-office) be
hacked into


Yes. If...

AND can this hacker take control of the wireless
laptop.


Yes. If...

If so I would need some detail on how we can prevent
that (besides WEP). Let's assume for the sake of discussion
that there is no WEP encryption on the router.

Without encryption wireless provides no integrity, confidentiality, accountability, use control, or availability. But on the other hand, why is this any different from going to Starbucks and logging in?


2- How easy is it to access the laptop once you're into the
router? Is it child splay or do we need a specialist?

Again, it is not the right question to ask. The question is how you protect the computer at STarbucks. IF you protect the computer that way and then treat the computer and AP as if they were at a Starbucks, you will have the same protection from here as there.

3- If the laptop's wireless router is secured with WEP and
connected to the office via VPN can it be EASILY hacked
into? The VPN connection gives them little access to the
network, barely what they need to work. Will the intruder
have access to our network?


Yes. If...

It is the same basic issue as before. If the PC cannot defend itself you should not be letting it roam. If the network cannot be protected it should not be connected. If they can, they are as safe at home as at Starbucks.

4- How secure is my sales rep. running around hotels with
his laptop?


My point exactly.

We are trying to assess the risk...should we, should we not
allow wireless for the mobile workforce.

Wireless or wired - when they are away you cannot protect the intervening infrastructure - so you need to protect the endpoint, the communications, and the places they go on the other side. This is a simplification of course, but you get the idea.

Thanks!

Marty




-- This communication is confidential to the parties it is intended to serve --
Security Posture securityposture.com tel/fax
University of New Haven unhca.com 925-454-0171
Fred Cohen & Associates all.net 572 Leona Drive
Security Management Partners policygeeks.com Livermore, CA 94550

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Wireless security question..., phunked up!
Next by Date:  RE: Wireless security question..., Hagen, Eric
Previous by Thread:  Re: Wireless security question..., phunked up!
Next by Thread:  Re: Wireless security question..., Kenton Smith
Indexes:  [Date] [Thread] [Top] [All Lists]