Security Basics mailing list archives
RE: WiFi security implications
From: "Tres London" <telconstar99 () wblondon com>
Date: Fri, 5 Dec 2003 01:50:23 -0600
But if VPN is the only way to get into the office network, then I wouldn't be able to use that access point you talk about in your 2nd to last paragraph right? -Tres London -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Thursday, December 04, 2003 6:26 PM To: 'Tres London'; security-basics () securityfocus com Subject: RE: WiFi security implications The VPN encryption should be end-to-end, from your laptop across the wireless connection and internet to a trusted endpoint on the company network. The wireless link in the chain means there is a bit higher likelihood that the traffic can be sniffed than with *most* home Internet technologies, but the VPN encryption should be resistant to that. I don't think your IT guys need to worry on that score. I have heard that in some cases the providers of public or semi- public wireless access are reluctant to permit end-to-end VPN connections since they lose any ability to monitor traffic except by volume. Such providers may allow you to minimize the sniffing risk by running IPSec over the wireless link, but not across the remaining Internet leg of the conversation. This is not good enough, and your IT guys would be right to block that scenario. David Gillett
-----Original Message----- From: Tres London [mailto:telconstar99 () wblondon com] Sent: December 3, 2003 18:29 To: security-basics () securityfocus com Subject: WiFi security implications Hello List, 1st time poster here :) If I work for a financial firm, have a laptop with wireless access and am at a publicly available wireless access point, and want access to my network via VPN, what are the security implications? My company currently allows people from home to VPN into the network at work, but IT is nervous about allowing it over a wireless connection because of security implications. My point is that VPN should be secure enough on it's own, even if people access my information, it's still encrypted with IPSec (or something like that). Thoughts? Thanks, -Tres London -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- WiFi security implications Tres London (Dec 04)
- RE: WiFi security implications Rusty Chiles (Dec 04)
- Re: WiFi security implications Paul Kurczaba (Dec 04)
- Re: WiFi security implications Moshe Ashkenazi (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- Re: WiFi security implications Moshe Ashkenazi (Dec 05)
- RE: WiFi security implications David Gillett (Dec 05)
- <Possible follow-ups>
- RE: WiFi security implications David J. Jackson (Dec 04)
- Re: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications James Tusini (Dec 15)
- Re: WiFi security implications Ronish Mehta (Dec 08)
- RE: WiFi security implications Security Newsletters-TM (Dec 08)
- RE: WiFi security implications Oliver Rebollido (Dec 09)
- RE: WiFi security implications dave kleiman (Dec 10)
- RE: WiFi security implications Steven A. Fletcher (Dec 09)