Penetration Testing mailing list archives
Re: [PEN-TEST] Penetrating Wireless Networks
From: Anton Rager <a_rager () YAHOO COM>
Date: Fri, 9 Mar 2001 18:35:24 -0800
We're recommending that security-minded customers put their wireless AP in their DMZ, and use an IPSec client from the wireless workstation into a VPN appliance for internal network access. This setup puts the wireless traffic outside the private network, and only allows access into it via IPSec tunnels. It also prevents wireless users from accessing your internal network un-encrypted. So -- worst case: someone can snoop/inject traffic into your wireless network, but they will only get internet access.

More paranoid users could create an additional zone [2nd DMZ] with just the wireless AP and a VPN server in it. This would limit snooping/injection to just that isolated network zone... unless they supply the proper IPSec credentials.

My pitch is a Nortel Networks Contivity VPN Switch with our Contivity extranet client, but I'm a bit biased ;) Other VPN solutions could accomplish the same thing.

Anton Rager
Nortel Networks

--- Rafael Coninck Teigao <rafael () SAFECORE NET> wrote:
After reading the FAQ, I started thinking: wouldn't it be easier to just use some kind of software encryption, like IP-Sec? Please, correct me if I'm wrong, but I think it would be possible to set software on the gateway at the base station and on the mobile machine to encrypt the whole traffic. After all, AFAIK, the wireless device works solely as a bridge. What do you guys think?

[]'s,
RCT.
--
-------------------------------------------------------------------------------
"It is the flawed assumption that security mechanisms can be adequately provided in layers above the operating system. A perfect security application cannot make up for flawed or absent security features within the OS kernel. It is the classic example of building a castle on a swamp. You can build a strong fortress, but it makes no difference if it slowly sinks into the ground." route - Phrack Magazine Volume 8, Issue 54 Dec 25th, 1998, article 06
-------------------------------------------------------------------------------
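
The zone layout recommended in the reply above can be checked against a firewall policy. The following is an added example, not part of the original message or of any vendor's product: it evaluates a first-match rule list with a handful of probe packets sent from the wireless zone. The rule format, zone name and all addresses (10.0.0.0/8 as the private network, 192.0.2.10 as the VPN appliance) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Rule format (constructed): (src_zone, dst_cidr, proto, port, action).
# proto "any" matches every protocol; port None matches every port.
def decide(rules, src_zone, dst, proto, port=None):
    """First-match evaluation with an implicit default deny."""
    for zone, cidr, r_proto, r_port, action in rules:
        if (zone == src_zone and ip_address(dst) in ip_network(cidr)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action
    return "deny"

# Probes from the wireless zone and the decision the design requires:
# only IKE (UDP/500) and ESP reach the VPN appliance, nothing reaches the
# private network directly, and internet access is the worst case.
EXPECTED = [
    ("10.1.1.5",     "tcp", 445,  "deny"),    # internal host, no tunnel
    ("192.0.2.10",   "udp", 500,  "permit"),  # IKE to the VPN appliance
    ("192.0.2.10",   "esp", None, "permit"),  # ESP to the VPN appliance
    ("192.0.2.10",   "tcp", 23,   "deny"),    # other service on the appliance
    ("198.51.100.7", "tcp", 80,   "permit"),  # internet host
]

def violations(rules):
    """Return (dst, proto, port, actual) for each probe decided wrongly."""
    return [(dst, proto, port, got)
            for dst, proto, port, want in EXPECTED
            if (got := decide(rules, "wireless", dst, proto, port)) != want]

GOOD = [
    ("wireless", "192.0.2.10/32", "udp", 500,  "permit"),
    ("wireless", "192.0.2.10/32", "esp", None, "permit"),
    ("wireless", "192.0.2.0/24",  "any", None, "deny"),    # rest of the DMZ
    ("wireless", "10.0.0.0/8",    "any", None, "deny"),    # private network
    ("wireless", "0.0.0.0/0",     "any", None, "permit"),  # internet only
]
# Same policy with both deny rules left out: the catch-all internet rule
# now also covers the private network and the appliance's other ports.
BAD = [GOOD[0], GOOD[1], GOOD[4]]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, violations(rules))
```

The probes are a spot check of the policy, not an exhaustive proof that no other path from the wireless zone exists.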