Re: RE: Wireless security and VPN

From: peter.ve@pandora.be
Date: 11/22/02

  • Next message: Timothy M. Lyons: "RE: icmp echo-requests?" 
    From: "peter.ve@pandora.be" <peter.ve@pandora.be>
To: "Robinson, Sonja" <SRobinson@HIPUSA.com>, 'Chris Martin' <chris.martin@smartech.com.au>, Brian Bettger <brianb@diversint.com>
Date: Fri 22 Nov 2002 11:34:21 +0100

    what about the new PEAP protocol ?

    ------------------------
     "Robinson, Sonja" <SRobinson@HIPUSA.com> wrote:
    ------------------------
            
    >802.11b which is used by current wireless devise is inherently insecure and
    >WEP is NOT secure. It is imperative that you use VPN to secure any
    >transmissions. Also, make sure that all defaults are turned off/changed and
    >lock down the SSID as much as possible. That is unless you want to be war
    >driven and cracked. There will be some new products out shortly (1/2Q2003)
    >that will be much more secure for wireless however, a GOOD VPN set up will
    >mitigate most current issues.
    >
    >Netstumber is a great war driver.
    >
    >-----Original Message-----
    >From: Chris Martin [mailto:chris.martin@smartech.com.au]
    >Sent: Sunday, November 17, 2002 8:18 PM
    >To: Brian Bettger
    >Cc: security-basics@securityfocus.com
    >Subject: RE: Wireless security and VPN
    >
    >The 802.11x (I think that's what it's called) system may be what you are
    >looking for. This system utilises the client authenticating to a RADIUS
    >server via EAP. Most Cisco wireless gear has this WEP type (called
    >LEAP). It's quite strong and the keys change regularly at predetermined
    >intervals.
    >
    >Even if you use VPN stuff like L2TP or PPTP you'll still have an
    >authentication process, however LEAP/802.11x integrates all that very
    >seamlessly.
    >
    >Hope this helps,
    >
    >Chris Martin
    >
    >-----Original Message-----
    >From: Brian Bettger [mailto:brianb@diversint.com]
    >Sent: Friday, 15 November 2002 4:12 AM
    >To: security-basics@securityfocus.com
    >Subject: Wireless security and VPN
    >
    >Hello,
    >
    >I am searching for a product that incorporates a Wireless Access Point
    >AND VPN authentication to use for nearly all of our wireless rollouts.
    >As you know SSID and WEP are possibly not enough to keep people out of
    >networks. An integrated VPN authentication after SSID and WEP, BUT
    >before network authentication would be REALLY nice. In other words, I
    >turn on my laptop, PDA or workstation, it establishes the primary
    >connection through the use of SSID and WEP, then stops, leaving port
    >1723 open, dropping all other traffic or attack attempts until I make a
    >secure VPN connection. As soon as I establish the VPN connection I am
    >then prompted (or not) with my NT, Novell, or whatever login.
    >
    >The thought is, a war driver could possibly crack WEP, access to the WAP
    >but is then faced with needing to establish a VPN connection even before
    >he can gain information about the network. The war driver / cracker
    >could only scan and see port 1723.
    >
    >Please pass this on as a request for development if possible. Another
    >point is that it would be nice to have this bundled into one appliance.
    >Additionally pass this on to anyone else you feel may help.
    >
    >Yes, I have looked into Proxim's solution, but it is over priced for my
    >clients (SOHO to medium size business, 25-100 users) and requires two
    >appliances, the WAP and then the VPN appliance.
    >
    >
    >Brian Bettger
    >Systems Engineer
    >Diversint, Inc.
    >Diversified Internet Services Group
    >
    >360-404-2044
    >
    >www.diversint.com
    >
    >Technology is Business
    >
    >
    >
    >**********************************************************************
    >This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email.
    >
    >
    >
    >
    >**********************************************************************
    >

    Relevant Pages

    • RE: Dumb question abt. Wireless WEP security
      ... I don't know if the technology improved any, but when deploying wireless ... You can use WEP in coordination with other ... technologies, VPN, IPSEC, etc to make your network more secure. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • RE: [Full-Disclosure] Wireless ISPs
      ... If they put WEP in, that's one more thing for customer to do and they'll ... Therefore end-user security ... Im using this venue to influence several wireless ISPs ... >> All transactions done via secure websites are ...
      (Full-Disclosure)
    • Re: Is Dynamic WEP Secure Enough?
      ... forget WEP - get a good ipsec based vpn system, ... I would still use WEP though, would keep some folks off this wireless ... So segment your wireless network outside of your ...
      (Security-Basics)
    • RE: RE: Wireless security and VPN
      ... It is imperative that you use VPN to ... >>that will be much more secure for wireless ... Most Cisco wireless gear has this WEP type ... > specifically authorized to receive the communication. ...
      (Security-Basics)
    • RE: Wireless Pent-Test
      ... If this is for home use have them turn WEP and MAC Address filtering on. ... You need to secure access to your protected network. ... So your VPN is ... his wireless network packets to make sure it is 128 bit encryption... ...
      (Pen-Test)