Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wireless security question...

From: me () nospam com
Date: 28 Oct 2005 19:29:06 -0000
Marty,

You're using the word "secure" near the word WEP, which is an oxymoron.  WEP is not secure, see the article, and the 
follow up to it, below.  Maybe your company should hire a consulting firm for this if these are your companies 
questions.  Do not take that as a slam, but if these are the big concerns for you with wireless, then you probably need 
some outside help.

http://www.securityfocus.com/infocus/1814

See ANSWERS inline - 

The questions we have are:

1- Can a wireless router (installed in their home-office) be
hacked into AND can this hacker take control of the wireless
laptop. If so I would need some detail on how we can prevent
that (besides WEP). Let's assume for the sake of discussion
that there is no WEP encryption on the router.

ANSWER:  If it is jacked in somewhere, it can be hacked.    Hacking a router and laptop are two separate things.  
Controlling one does not imply (necessarily) controlling the other.  If there is no encrytion, you have bigger issues.  
I hope that they changed the default  password & ssid name.  How do you prevent what?  Prevent users from using 
wireless?  GPO (Windows) or use some other end point security software to permanently disable wireless on the machines.


2- How easy is it to access the laptop once you're into the
router? Is it child splay or do we need a specialist?

ANSWER:  SEE ABOVE.  Two Separate items.  You now should know the address, but that only points you to the device, not 
how to break into it.


3- If the laptop's wireless router is secured with WEP and
connected to the office via VPN can it be EASILY hacked
into? The VPN connection gives them little access to the
network, barely what they need to work. Will the intruder
have access to our network?

ANSWER:  Secured with WEP doesn't exist.  Suffice to say, if someone can remote control a laptop once someone has 
logged in to your VPN, then yes.  However, if they have not logged in to your VPN and you are using 2 factor form 
authentication, it is much more difficult for them to just "hack" into your VPN.

4- How secure is my sales rep. running around hotels with
his laptop?

ANSWER:  What's the question?  Is he connecting up to the network?  How?  What data is being tranferred?  What if the 
laptop is stolen (just as likely)?  Etc....

Google for WEP, then WPA.  WEP is dead....it is just a minor deterrent now.
Previous By Date Next
Previous By Thread Next

Current thread: