Re: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects



Chip,

As with most things... "it depends".

However in general, the connection isn't to be considered "secure".
Authentication and encryption in the hotspot situations you mention are all
handled on the application layer and can vary widely based on the
implementation. The most simple hotspot setup just uses a web-based
authentication form to store a cookie on your machine and then directs
traffic through their internet connection after that.

It would be possible, of course, to set up an IPsec or SSL VPN tunnel
on the machine automatically, but that would require an extra layer of
software that most cafes and hotels wouldn't (or couldn't) implement
for their customers. All the traffic is therefore hypothetically
wide-open to any other client associated with the network and only
protected on the application layer.

Of course, your mileage may vary depending on the particular
implementation details of the network. Generally speaking, though,
any open "free wifi" network should be considered excessively
untrusted and dirty. You can protect yourself, however, by tunneling
through a secure VPN once you associate to the network.

Hope this helps,

Jon

On Wed, Mar 3, 2010 at 6:19 AM, Chip Panarchy <forumanarchy@xxxxxxxxx> wrote:
Hello

I have noticed recently that most cafés which offer Free WiFi do so,
not with a Wireless Encryption Method (WEP, WPA, WPA2, LEAP etc.) but
with a Forced-Proxy Redirect. (usually https with 128-bit encryption)

(I'm sure there's a better way of saying 'Forced-Proxy Redirect'...)

What are the Security implications of using the Forced-Proxy Redirect
method rather than a Wireless Encryption Method?

Does the traffic still get tunnelled securely?

What are the advantages & disadvantages when comparing these two Design choices?

Please alleviate my concerns.

Thanks in advance,

Chip D. Panarchy

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
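
The web-form redirect discussed in this thread can be recognised from the client side. The following is an added example, not part of the original messages: it classifies the answer to a plain-HTTP connectivity probe that is expected to return 204 with an empty body. The probe convention, the function names and the sample responses (including portal.example) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses to a plain-HTTP probe that should yield "204, no body".
CLEAN = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: https://portal.example/login?dst=probe\r\n"
            b"Content-Length: 0\r\n\r\n")
REWRITE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
           b"<html><form action='/login'>...</form></html>")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify_probe(raw: bytes):
    """Report whether the probe was answered as expected or intercepted by a portal."""
    status, headers, body = parse_response(raw)
    if status == 204 and not body:
        return {"state": "online", "portal": None, "login_over_tls": None}
    # Anything else means a device on the path answered for the probe target:
    # either an HTTP redirect to the login page or the login page served in place.
    portal = headers.get("location") if status in (301, 302, 303, 307, 308) else None
    tls = (urlsplit(portal).scheme == "https") if portal else None
    # login_over_tls only describes the login form; the radio link stays
    # unencrypted, so later traffic is protected only by whatever the
    # application (or a VPN) adds on top.
    return {"state": "intercepted", "portal": portal, "login_over_tls": tls}


if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("redirect", REDIRECT), ("rewrite", REWRITE)):
        print(name, classify_probe(raw))
```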


