Security Basics mailing list archives

RE: WiFi security implications


From: "James Tusini" <james () homehouse co uk>
Date: Sat, 13 Dec 2003 17:29:45 -0000

It could be possible to be the victim of a man in the middle attack on the
Wi-Fi, depending on the config.
However this is also possible if at home you're on cable broadband, as this
paper describes:
http://www.trustmatta.com/downloads/Matta_Broadband_Insecurity.pdf .

You don't mention what type of VPN you're actually using so I can't really
go into more detail.

James

-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: 05 December 2003 07:51
To: security-basics () securityfocus com
Subject: RE: WiFi security implications


Hello,

But if I'm allowed to connect from home, IT can't count on my home
network being secure. Thus, it would seem to me, that connecting
from a hostile network (i.e. I think any network outside their control
would be considered hostile) via VPN is ok with them because they allow
me to connect from home. Thoughts?

-Tres London

-----Original Message-----
From: Rusty Chiles [mailto:rustychiles () cox net]
Sent: Thursday, December 04, 2003 5:22 PM
To: Tres London; security-basics () securityfocus com
Subject: RE: WiFi security implications

I know that on Microsoft PPTP solutions you can actively attack the PPTP
logon via the MS-CHAP password change protocol version 1 to obtain the
LANMAN and NT password hashes. Note that once you get the password hashes,
you don't even need to crack the passwords to log on to an SMB server or
PPTP server.
I'm not sure if Cisco's VPN solution is vulnerable to a similar attack, but
generally it's a bad idea to connect to anything that you care to keep
secured via a hostile network, especially without encryption.

-Rusty

-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: Wednesday, December 03, 2003 7:29 PM
To: security-basics () securityfocus com
Subject: WiFi security implications


Hello List, 1st time poster here :)

If I work for a financial firm, have a laptop with wireless access and
am at a publicly available wireless access point, and want access to my
network via VPN, what are the security implications?

My company currently allows people from home to VPN into the network at
work, but IT is nervous about allowing it over a wireless connection
because of security implications.

My point is that VPN should be secure enough on its own, even if people
access my information, it's still encrypted with IPSec (or something
like that).

Thoughts?

Thanks,

-Tres London

