Security Basics mailing list archives
RE: Wireless security question...
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 28 Oct 2005 16:05:55 -0600
The risk with wireless is more often a risk to the network than it is a risk to the individual PCs. The PC is not "listening" and accepting inbound connections, it is initiating a connection to the network. So, your questions....
- Can a wireless router (installed in their home-office) be hacked into AND can this hacker take control of the wireless laptop. If so I would need some detail on how we can prevent that (besides WEP). Let's assume for the sake of discussion that there is no WEP encryption on the router. <<<<< Hacking into the network and hacking into the PC are entirely different things and not entirely related. Again, the threat is that the intruder is able to "listen" to the traffic going over the wireless connection. This could be important documents, it could be secret financial information, but most importantly in many cases, passwords are transmitted in clear-text over the network (such as with POP3 email or telnet). The hacking risk from wireless comes directly from the vulnerability of these passwords. Hacking a wireless router generally requires that you are able to connect to it. If you allow anyone with a wireless card to connect to your network, you've made a mistake. Hacking a PC generally requires a connection to that PC. Any computer connected to your network has the potential to hack into your sales person's laptop once he/she is connected to the network via the wireless. The wireless makes little difference. WEP is not a huge help, though it can deter casual "vandals" it won't deter a determined and/or experienced intruder.
2- How easy is it to access the laptop once you're into the router? Is it child splay or do we need a specialist? <<<<<<< Again, the access to the router has little/nothing to do with access to the laptop. The transmissions between them fly through the air and can be picked up several miles away with a good antenna (and without transmitting a single byte)... Breaking into the router is pointless unless your goal is to.... mess with the router. Most routers don't have the capability to sniff traffic off their interfaces and report back to the hacker. It's FAR easier to sniff it directly out of the air, being completely silent and passive. I conducted an experiment in college, analyzing wireless data (encrypted with WEP) from a university workstation (with permission of course) for upwards of a month without leaving any trace I was doing it. My signal only dropped when it was snowing because I was just under a mile away and using a 12dbi yagi antenna to pick up faint signals from a building on the other side of campus.
3- If the laptop's wireless router is secured with WEP and connected to the office via VPN can it be EASILY hacked into? The VPN connection gives them little access to the network, barely what they need to work. Will the intruder have access to our network? <<<<<<<<< WEP doesn't secure a router. It secures the communication channel between the wireless router and the laptop. It is not secure. All forms of WEP can be broken in less than 18 hours, weaker forms in less than 30 minutes. You must use a more modern protocol like TKIP, WPA or 802.11i security protocols to ensure secure communication. OR, you have the laptop initiate a VPN connection, so that all the wireless data is inside of a VPN tunnel. What good is a VPN if it can't access most of the network? The *entire point* of a VPN is to provide secure, remote access to the network. <<<<<<<< 4- How secure is my sales rep. running around hotels with his laptop?
It depends on how secure he is running around with his laptop... Again, unencrypted wireless data can be easily sniffed unless it uses advanced encryption like WPA. If you want to ensure their safety, set up a VPN into your office that can be connected to from anywhere. Then they can use it for all their wireless data and there is very little risk. PPTP, IPSEC and L2TP (VPN protocols) are not vulnerable to the same attacks as WEP is.
We are trying to assess the risk...should we, should we not allow wireless for the mobile workforce. <<<<<<<<<< It's not all that much more risky than allowing them to input their passwords into public terminals at some 'net café. That's often the alternative to equipping remote employees with wireless laptops. It's a matter of giving them a means to protect their data. Better they have a system that you've configured properly than to trust that the 'net cafe or public terminals don't have keyloggers to steal their info. I detect a fundamental misunderstanding of the risks of wireless and data communication in the first place. Dig around on the web, read about the risks and technologies - it will help you make an informed decision. Eric
Current thread:
- Wireless security question... Marty (Oct 28)
- RE: Wireless security question... David Gillett (Oct 31)
- Re: Wireless security question... phunked up! (Oct 31)
- Re: Wireless security question... Fred Cohen (Oct 31)
- Re: Wireless security question... Kenton Smith (Oct 31)
- <Possible follow-ups>
- Re: Wireless security question... groffg (Oct 31)
- Re: Wireless security question... me (Oct 31)
- RE: Wireless security question... Hagen, Eric (Oct 31)