Security Basics mailing list archives
Re: Wireless security question...
From: me () nospam com
Date: 28 Oct 2005 19:29:06 -0000
Marty, You're using the word "secure" near the word WEP, which is an oxymoron. WEP is not secure, see the article, and the follow up to it, below. Maybe your company should hire a consulting firm for this if these are your companies questions. Do not take that as a slam, but if these are the big concerns for you with wireless, then you probably need some outside help. http://www.securityfocus.com/infocus/1814 See ANSWERS inline - The questions we have are: 1- Can a wireless router (installed in their home-office) be hacked into AND can this hacker take control of the wireless laptop. If so I would need some detail on how we can prevent that (besides WEP). Let's assume for the sake of discussion that there is no WEP encryption on the router. ANSWER: If it is jacked in somewhere, it can be hacked. Hacking a router and laptop are two separate things. Controlling one does not imply (necessarily) controlling the other. If there is no encrytion, you have bigger issues. I hope that they changed the default password & ssid name. How do you prevent what? Prevent users from using wireless? GPO (Windows) or use some other end point security software to permanently disable wireless on the machines. 2- How easy is it to access the laptop once you're into the router? Is it child splay or do we need a specialist? ANSWER: SEE ABOVE. Two Separate items. You now should know the address, but that only points you to the device, not how to break into it. 3- If the laptop's wireless router is secured with WEP and connected to the office via VPN can it be EASILY hacked into? The VPN connection gives them little access to the network, barely what they need to work. Will the intruder have access to our network? ANSWER: Secured with WEP doesn't exist. Suffice to say, if someone can remote control a laptop once someone has logged in to your VPN, then yes. However, if they have not logged in to your VPN and you are using 2 factor form authentication, it is much more difficult for them to just "hack" into your VPN. 4- How secure is my sales rep. running around hotels with his laptop? ANSWER: What's the question? Is he connecting up to the network? How? What data is being tranferred? What if the laptop is stolen (just as likely)? Etc.... Google for WEP, then WPA. WEP is dead....it is just a minor deterrent now.
Current thread:
- Wireless security question... Marty (Oct 28)
- RE: Wireless security question... David Gillett (Oct 31)
- Re: Wireless security question... phunked up! (Oct 31)
- Re: Wireless security question... Fred Cohen (Oct 31)
- Re: Wireless security question... Kenton Smith (Oct 31)
- <Possible follow-ups>
- Re: Wireless security question... groffg (Oct 31)
- Re: Wireless security question... me (Oct 31)
- RE: Wireless security question... Hagen, Eric (Oct 31)