Penetration Testing mailing list archives
RE: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects
From: "Malick Sy" <sy_malick () hotmail com>
Date: Thu, 4 Mar 2010 16:02:18 +0100
The forced proxy redirect is also sometimes called captive portal authentication or centralised access control. The tradeoff between captive portals and encryption is not security as much as usability. If you are running a hotspot business, your business model shouldn't include an IT guy onsite adding the encryption key to users' laptops. Apart from being unworkable, it is also akin to giving away access, unless you also remove the encryption key after the user's time is over. All in all, this leads to a major admin nightmare. To circumvent this, you use a captive portal, which forces users to authenticate securely via local database, RADIUS or whatever flavour of AAA is installed.

Advantages of Captive Portal in Hotspot
- No need to manually enter encryption keys
- Centralised authentication and authorisation framework
- Centralised access logs
- Automated user access (as opposed to manual key entry)
- Ease of use

Disadvantages of Captive Portal
- Requires some initial setup

A number of captive portal services exist, ranging from NoCatAuth to WifiDog, etc. You can even install OpenWrt on a Linksys WRT54GL and get a captive portal!

http://en.wikipedia.org/wiki/Captive_portal

Hope this helps

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chip Panarchy
Sent: 03 March 2010 13:19
To: pen-test () securityfocus com
Subject: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects

Hello

I have noticed recently that most cafés which offer Free WiFi do so, not with a Wireless Encryption Method (WEP, WPA, WPA2, LEAP etc.) but with a Forced-Proxy Redirect (usually https with 128-bit encryption).

(I'm sure there's a better way of saying 'Forced-Proxy Redirect'...)

What are the Security implications of using the Forced-Proxy Redirect method rather than a Wireless Encryption Method?

Does the traffic still get tunnelled securely?

What are the advantages & disadvantages when comparing these two Design choices?

Please alleviate my concerns.

Thanks in advance,

Chip D. Panarchy

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------