RE: Wireless security question...

["David Gillett" <gillettdavid () fhda edu>]

  I think some of your terminology is confused, and I can't 
determine whether clarifying that would answer your questions,
or just change them.

  The wireless NIC in the laptop connects to an access point
or wireless router, which is the bridge/gateway between the
radio net and a wired network.  So when you ask about hacking
into the "wireless router", that could be from another wireless
client, or from the wired network (potentially from the Internet),
but the threat to your user is indirect at best.  Their own
wireless NIC is not, by default, configured to accept connections 
from other clients directly.  ("By default" is important here;
the user can change this to join a purely local wireless client
group, or to share their wired connection with other clients 
(becoming the gateway/router...).  Users shouldn't enable these
without understanding what they're doing, but I'm sure it happens
all the time.

  WEP attempts to protect the traffic between the client and the
access point or router.  VPN provides much stronger protection,
all the way from the client to the VPN termination point within
your network -- it's recommended for remote network access whether
wireless or not.

David Gillett


> -----Original Message-----
> From: Marty [mailto:m_samson () videotron ca] 
> Sent: Thursday, October 27, 2005 4:12 PM
> To: 'Security-Basics'
> Subject: Wireless security question...
>
>  Hi,
>  
> We're having an in-house discussion regarding the risk 
> related to wireless security.
>  
> The mobile users would like to be able to use the wireless 
> technology within their laptops to access the office while 
> they are away. Right now we don't allow wireless access points.
>  
> The questions we have are:
>  
> 1- Can a wireless router (installed in their home-office) be 
> hacked into AND can this hacker take control of the wireless 
> laptop. If so I would need some detail on how we can prevent 
> that (besides WEP). Let's assume for the sake of discussion 
> that there is no WEP encryption on the router. 
>  
>  
> 2- How easy is it to access the laptop once you're into the 
> router? Is it child splay or do we need a specialist?
>  
>  
> 3- If the laptop's wireless router is secured with WEP and 
> connected to the office via VPN can it be EASILY hacked into? 
> The VPN connection gives them little access to the network, 
> barely what they need to work. Will the intruder have access 
> to our network?
>  
>  
> 4- How secure is my sales rep. running around hotels with his laptop? 
>  
>  
>  
> We are trying to assess the risk...should we, should we not 
> allow wireless for the mobile workforce.
>  
>  
>  
> Thanks!
>  
> Marty