Penetration Testing mailing list archives

Re: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects


From: Tim <tim-pentest () sentinelchicken org>
Date: Wed, 3 Mar 2010 14:42:36 -0800


> I have noticed recently that most cafés which offer Free WiFi do so,
> not with a Wireless Encryption Method (WEP, WPA, WPA2, LEAP etc.) but
> with a Forced-Proxy Redirect. (usually https with 128-bit encryption)
>
> (I'm sure there's a better way of saying 'Forced-Proxy Redirect'...)
>
> What are the Security implications of using the Forced-Proxy Redirect
> method rather than a Wireless Encryption Method?
>
> Does the traffic still get tunnelled securely?

Probably not.  I'm not sure exactly what the implementation details
are in the scenarios you're talking about, but chances are it would be
vulnerable to attacks similar to those used in sslstrip.

E.g.:  Attacker conducts MitM attack and responds to HTTP request
(stripping all HTTPS links) with the victim while utilizing the
"secure" forced proxy upstream to retrieve pages.  


> What are the advantages & disadvantages when comparing these two
> Design choices?

You'd think WPA2 would be a much better choice security-wise, but I'm
not sure similar attacks can't be done if everyone has the PSK.
Obviously, using separate PSKs for each user is a pain without proper
software support and a super-easy distribution mechanism.  I'm sure
some other folks might have some opinions on this.

tim
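
Added example, not part of the original message: a defender-side check for the HTTPS-stripping behaviour the reply describes. It compares the portal page as received on the wireless network with a copy fetched over a trusted path and reports links that lost their https scheme and password forms that would post in cleartext. The function names, the availability of a trusted baseline copy, and the host portal.example are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
URL_ATTRS = {"a": "href", "link": "href", "script": "src", "iframe": "src"}

class Collector(HTMLParser):
    """Collect absolute URLs from a page and note which forms hold a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls, self.forms = page_url, set(), []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":  # a missing action submits to the page's own URL
            action = urljoin(self.page_url, attrs.get("action") or "")
            self.forms.append([action, False])
            self.urls.add(action)
        elif tag in URL_ATTRS and attrs.get(URL_ATTRS[tag]):
            self.urls.add(urljoin(self.page_url, attrs[URL_ATTRS[tag]]))
        elif tag == "input" and (attrs.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1][1] = True

def collect(html, page_url):
    c = Collector(page_url)
    c.feed(html)
    return c

def key(url):
    p = urlsplit(url)
    return (p.hostname, p.path or "/", p.query)

def stripping_findings(baseline_html, baseline_url, observed_html, observed_url):
    """Compare the page as received on the WLAN with a copy fetched over a trusted path."""
    base, seen = collect(baseline_html, baseline_url), collect(observed_html, observed_url)
    secure = {key(u) for u in base.urls if urlsplit(u).scheme == "https"}
    findings = [("downgraded", u) for u in sorted(seen.urls)
                if urlsplit(u).scheme == "http" and key(u) in secure]
    findings += [("cleartext-password-form", a) for a, has_pw in seen.forms
                 if has_pw and urlsplit(a).scheme != "https"]
    return findings

# Constructed sample pages; portal.example is a placeholder host.
BASELINE = ('<a href="https://portal.example/terms">Terms</a>'
            '<form action="https://portal.example/auth"><input type="password" name="pw"></form>')
OBSERVED = BASELINE.replace("https://", "http://")

if __name__ == "__main__":
    for finding in stripping_findings(BASELINE, "https://portal.example/login",
                                      OBSERVED, "http://portal.example/login"):
        print(finding)
```

An empty result only means the observed page matches the baseline; it says nothing about traffic the check never saw.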
