RE: Wireless security question...

[Murad Talukdar <talukdar_m () subway com>]

So, most of you are suggesting to have WPA in place at home?
How does this work in terms of authentication for home users? Ie, how does
someone establish a secure link to a Radius server on the network? Or have I
got this back to front? I'm assuming that there has to be a Radius in the
auth process somewhere.



Regards
Murad Talukdar

-----Original Message-----
From: Kenton Smith [mailto:listsks () yahoo ca] 
Sent: Saturday, October 29, 2005 7:59 AM
To: Marty; 'Security-Basics'
Subject: Re: Wireless security question...

Answers below:
--- Marty <m_samson () videotron ca> wrote:

>  Hi,
>  
> We're having an in-house discussion regarding the
> risk
> related to wireless security.
>  
> The mobile users would like to be able to use the
> wireless
> technology within their laptops to access the office
> while
> they are away. Right now we don't allow wireless
> access
> points.
>  
> The questions we have are:
>  
> 1- Can a wireless router (installed in their
> home-office) be
> hacked into AND can this hacker take control of the
> wireless
> laptop. If so I would need some detail on how we can
> prevent
> that (besides WEP). Let's assume for the sake of
> discussion
> that there is no WEP encryption on the router. 

Ahhhh!!!!!!
  
>  
> 2- How easy is it to access the laptop once you're
> into the
> router? Is it child splay or do we need a
> specialist?

Child's play. No encryption and just about anyone
could get access to that machine with very little
effort.
 
>  
> 3- If the laptop's wireless router is secured with
> WEP and
> connected to the office via VPN can it be EASILY
> hacked
> into? The VPN connection gives them little access to
> the
> network, barely what they need to work. Will the
> intruder
> have access to our network?

Not easily, for 90% of companies this is pperfectly
secure. If the intruder was able to get in, then yes
they could get access to your network. WEP isn't
great, but in most cases it's secure enough.
Especially if you're then going to wrap it in a VPN.
 
>  
> 4- How secure is my sales rep. running around hotels
> with
> his laptop?

Are you talking abour wireless? Probably no more that
he is running around a hotel with a laptop without
wireless. Do you encrypt everything on the laptops? If
not, it would be easier for someone to steal it than
it  would be to steal traffic on an encrypted link.
Someone who wants information is going to go for the
low-hanging fruit and grabbing a latop while someone
isn't paying attention is way easier than trying to
hack into it.
 
>  
>  
> We are trying to assess the risk...should we, should
> we not
> allow wireless for the mobile workforce.

If you're workforce has wireless enabled notebooks,
you're much better off allowing them to use it and
using best practices to keep the information safe.
Wireless is too convenient. If you forbid them from
using it they're going to work around it and use it
anyway and then they won't be using any security
measures.
>  
>  
>  
> Thanks!
>  
> Marty



        

        
                
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca