Security Basics mailing list archives
Re: Wireless security question...
From: Kenton Smith <listsks () yahoo ca>
Date: Fri, 28 Oct 2005 17:59:29 -0400 (EDT)
Answers below: --- Marty <m_samson () videotron ca> wrote:
Hi, We're having an in-house discussion regarding the risk related to wireless security. The mobile users would like to be able to use the wireless technology within their laptops to access the office while they are away. Right now we don't allow wireless access points. The questions we have are: 1- Can a wireless router (installed in their home-office) be hacked into AND can this hacker take control of the wireless laptop. If so I would need some detail on how we can prevent that (besides WEP). Let's assume for the sake of discussion that there is no WEP encryption on the router.
Ahhhh!!!!!!
2- How easy is it to access the laptop once you're into the router? Is it child splay or do we need a specialist?
Child's play. No encryption and just about anyone could get access to that machine with very little effort.
3- If the laptop's wireless router is secured with WEP and connected to the office via VPN can it be EASILY hacked into? The VPN connection gives them little access to the network, barely what they need to work. Will the intruder have access to our network?
Not easily, for 90% of companies this is pperfectly secure. If the intruder was able to get in, then yes they could get access to your network. WEP isn't great, but in most cases it's secure enough. Especially if you're then going to wrap it in a VPN.
4- How secure is my sales rep. running around hotels with his laptop?
Are you talking abour wireless? Probably no more that he is running around a hotel with a laptop without wireless. Do you encrypt everything on the laptops? If not, it would be easier for someone to steal it than it would be to steal traffic on an encrypted link. Someone who wants information is going to go for the low-hanging fruit and grabbing a latop while someone isn't paying attention is way easier than trying to hack into it.
We are trying to assess the risk...should we, should we not allow wireless for the mobile workforce.
If you're workforce has wireless enabled notebooks, you're much better off allowing them to use it and using best practices to keep the information safe. Wireless is too convenient. If you forbid them from using it they're going to work around it and use it anyway and then they won't be using any security measures.
Thanks! Marty
__________________________________________________________ Find your next car at http://autos.yahoo.ca
Current thread:
- Wireless security question... Marty (Oct 28)
- RE: Wireless security question... David Gillett (Oct 31)
- Re: Wireless security question... phunked up! (Oct 31)
- Re: Wireless security question... Fred Cohen (Oct 31)
- Re: Wireless security question... Kenton Smith (Oct 31)
- <Possible follow-ups>
- Re: Wireless security question... groffg (Oct 31)
- Re: Wireless security question... me (Oct 31)
- RE: Wireless security question... Hagen, Eric (Oct 31)