Re: wifi security

["simon (www.snosoft.com)" <simon () snosoft com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In response to Dave Killion:

"Just the same, IPSec over WiFi is just as secure as IPSec
over copper or fiber.  And it's good enough for banks to use.
It all comes down to managing risk.  Good encryption can be useful."

Dave, with all due respect you are wrong...

Fact is when you send data out over the air via any method the signal 
will be stronger than it would be out of a cat5 (I figured that this 
would be obvious). When using cat5 it is simply not easy to collect 
radio waves and turn them into anything useful.

Having said that it is correct to say that copper is more secure than 
air, and fibre is more secure than copper assuming that all is equal in 
the data going over the line.

What are the chances of someone recording your radio waves from cat5 v.s 
the chances of someone recording data from 802.11x?

Also, don't use banks as an example of security, IMHO they are not 
secure enough. What is good enough for a bank network is far from good 
enough for mine. It is not that their administrators are idiots, because 
they are not idiots, they just don't have the time to do what the 
hackers of today have the time to do.


Mark Medici wrote:
> Actually, the most secure networks are required to run fiber-optic inside
> of pressurized conduit with full-time monitoring against physical
> intrusion.  This is because even fibre-optic can  tapped without breaking
> the optical conductor if you have sufficient knowledge, skill and
> patience, plus a few specialized tools.  
>
> Of course, this is probably too extreme for most private enterprises.
>
>
>
> > -----Original Message-----
> > From: Dave Killion [mailto:Dkillion () netscreen com] 
> > Sent: Wednesday, August 27, 2003 12:38 PM
> > To: 'simon () snosoft com'; D'Amato Luigi
> > Cc: lists () kentane net; security-basics () lists securityfocus com
> > Subject: RE: wifi security
> >
> >
> > Simon,
> >
> > Even copper can create interceptible radio waves if one is in 
> > close enough proximity to the cable.  Which is why for Top 
> > Secret data networks the DoD uses fiber.
> >
> > Yes, there are fiber taps and what not, but copper can be 
> > intercepted non-invasively.
> >
> > Just the same, IPSec over WiFi is just as secure as IPSec 
> > over copper or fiber.  And it's good enough for banks to use. 
> > It all comes down to managing risk.  Good encryption can be useful.
> >
> > -Dave
> >
> > -----Original Message-----
> > From: -SIMON- [mailto:simon () snosoft com]
> > Sent: Tuesday, August 26, 2003 12:32 PM
> > To: D'Amato Luigi
> > Cc: lists () kentane net; security-basics () lists securityfocus com
> > Subject: Re: wifi security
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Actually,
> > 	What I would suggest for wireless security is simply 
> > not sending your sensitive data out over the air.  Encrypted 
> > or not, you are still sending it out for everyone and anyone 
> > to snag. If you are relying on the encryption for good 
> > security, well, you are simply assuming that no one else has 
> > the key, or a way to crack it.
> >
> > Sensitive data == copper.
> > other can == air.
> >
> > D'Amato Luigi wrote:
> >
> > > try
> > > www.securitywireless.info
> >
> > ----------------------------------------------------------------------
> >
> > > --
> >
> > ---
> >
> > ----------------------------------------------------------------------
> >
> > > --
> >
> > ----
> >
> >
> > - --
> >
> > - -simon-
> >         http://www.snosoft.com
> >         Tibetan "Book of the Dead," ca. 4000 BC.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.1 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQE/S7W8f3Elv1PhzXgRAjCmAJ9+azc5YkhbGsK4aD747k2tvVAdgwCgi3zr
> > GExD5j5nKjrulQ0KA0ivToI=
> > =gIuf
> > -----END PGP SIGNATURE-----
> >
> >
> > --------------------------------------------------------------
> > ------------
> > -
> > Attend Black Hat Briefings & Training Federal, September 
> > 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, 
> > VA; the world's premier technical IT security event.  Modeled 
> > after the famous Black Hat event in Las Vegas! 6 tracks, 12 
> > training sessions, top speakers and sponsors. Symantec is the 
> > Diamond sponsor.  Early-bird registration ends September 
> > 6.Visit us: www.blackhat.com
> > --------------------------------------------------------------
> > ------------
> > --


- -- 
Regards,
        -simon-

        Secure Network Operations, Inc.
        http://www.secnetops.com || http://www.snosoft.com
        Office: 978-263-3829  Fax: 978-263-0033
        -------------------------------------------------------
        "Embracing the future of technology, protecting you..."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/XOdtf3Elv1PhzXgRAnkpAKDDv72oMwNoJg8jbJLe9MKsFQ14DwCfZXy/
ykgRKov20p1srgQe/AK+dSg=
=1cKn
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
- Precisely Define and Implement Network Security 
- Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------