Security Basics mailing list archives
RE: Wireless security question...
From: Murad Talukdar <talukdar_m () subway com>
Date: Tue, 01 Nov 2005 10:25:27 +1000
So, most of you are suggesting to have WPA in place at home? How does this work in terms of authentication for home users? Ie, how does someone establish a secure link to a Radius server on the network? Or have I got this back to front? I'm assuming that there has to be a Radius in the auth process somewhere. Regards Murad Talukdar -----Original Message----- From: Kenton Smith [mailto:listsks () yahoo ca] Sent: Saturday, October 29, 2005 7:59 AM To: Marty; 'Security-Basics' Subject: Re: Wireless security question... Answers below: --- Marty <m_samson () videotron ca> wrote:
Hi, We're having an in-house discussion regarding the risk related to wireless security. The mobile users would like to be able to use the wireless technology within their laptops to access the office while they are away. Right now we don't allow wireless access points. The questions we have are: 1- Can a wireless router (installed in their home-office) be hacked into AND can this hacker take control of the wireless laptop. If so I would need some detail on how we can prevent that (besides WEP). Let's assume for the sake of discussion that there is no WEP encryption on the router.
Ahhhh!!!!!!
2- How easy is it to access the laptop once you're into the router? Is it child splay or do we need a specialist?
Child's play. No encryption and just about anyone could get access to that machine with very little effort.
3- If the laptop's wireless router is secured with WEP and connected to the office via VPN can it be EASILY hacked into? The VPN connection gives them little access to the network, barely what they need to work. Will the intruder have access to our network?
Not easily, for 90% of companies this is pperfectly secure. If the intruder was able to get in, then yes they could get access to your network. WEP isn't great, but in most cases it's secure enough. Especially if you're then going to wrap it in a VPN.
4- How secure is my sales rep. running around hotels with his laptop?
Are you talking abour wireless? Probably no more that he is running around a hotel with a laptop without wireless. Do you encrypt everything on the laptops? If not, it would be easier for someone to steal it than it would be to steal traffic on an encrypted link. Someone who wants information is going to go for the low-hanging fruit and grabbing a latop while someone isn't paying attention is way easier than trying to hack into it.
We are trying to assess the risk...should we, should we not allow wireless for the mobile workforce.
If you're workforce has wireless enabled notebooks, you're much better off allowing them to use it and using best practices to keep the information safe. Wireless is too convenient. If you forbid them from using it they're going to work around it and use it anyway and then they won't be using any security measures.
Thanks! Marty
__________________________________________________________ Find your next car at http://autos.yahoo.ca
Current thread:
- Re: Wireless security question... Austin Murkland (Nov 01)
- <Possible follow-ups>
- RE: Wireless security question... Murad Talukdar (Nov 01)
- Re: Wireless security question... Ivan . (Nov 01)