Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Wireless Lans give EVERYONE ACCESS

From: Jonas Thambert <JonasT () guld spray se>
Date: Mon, 13 Aug 2001 13:35:55 +0200
ofcourse anti virii/p.firewall protection is a must. Setting
up anti-spoof protection is also regular sysadmin duty, even
if its not a WLAN interface.

anyway the only usage for WLAN as I see it is in combination with VPN.

http://www.cs.rice.edu/~astubble/wep/wep_attack.html

jonas 

-----Original Message-----
From: Erik Fichtner [mailto:techs () obfuscation org] 
Sent: den 10 augusti 2001 20:46
To: Jonas Thambert
Cc: 'Conal Darcy'; Russell Handorf; VULN-DEV () securityfocus com;
bugtraq () securityfocus com
Subject: Re: Wireless Lans give EVERYONE ACCESS


On Thu, Aug 09, 2001 at 10:13:44AM +0200, Jonas Thambert wrote:

WLAN is best used on a separate VLAN/NIC of the firewall in 
combination
with VPN into the rest of the internal networks.


Don't forget some kind of personal firewall on the devices in the WLAN 
segment. 

Additionally, you should run this with your default route on the other side
of the VPN gateway, and only allow traffic to your specific VPN router 
from your WLAN segment.


The VPN authentication is best handled my RSA, safeword or biometric 
systems.


Indeed. The Timestep/Xylan/Alcatel VPN gateway is particularly nice in this
regard.. Certificate auth plus an additional RADIUS query. 


Even then its not safe since it only takes 15 min to decrypt the 
40-bits key. Maybe WEP2 128-bits key will solve that :-)


Heh. yeah. ~50 minutes.


-- 
                        Erik Fichtner; Unix Ronin
                    http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself.  Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw
Previous By Date Next
Previous By Thread Next

Current thread: