Re: wifi security

From: simon (www.snosoft.com) (simon_at_snosoft.com)
Date: 09/08/03

    Date: Mon, 08 Sep 2003 17:28:28 -0400
    To: Dave Killion <Dkillion@netscreen.com>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Dave,
            I agree with you that all points of vulnerability are a threat
    regardless of how small. But I disagree that all points of
    vulnerability pose an equal threat. Fact is, script bunnies and your
    average cracker aren't going to read the rf from copper and translate
    it. In fact, the average one most probably doesn't even have the
    slightest idea as to how to do that.

            The answer to the question of security levels also depends on the
    nature of the client and their data. There are A's and C's where do they
    fall?

            So, understanding your point as "all points of vulnerability are
    important" I will agree. I will however not agree that all points of
    vulnerability are equal. If copper rf sniffing becomes popular somehow,
    then the risk will increase... but right now, copper is safer imho.

    Dave Killion wrote:
    > Simon,
    >
    > Wifi is obviously easier to obtain than copper or fiber - there's no
    > argument there. I also agree with you on the relative merits of
    > air-vs-copper, and copper-vs-fiber.
    >
    > But in order to address security properly, you must assume that an
    > attacker has access to your dataflow *regardless* of the physical medium
    > over which it travels. To think otherwise is naive. All of these media
    > are interceptible under the proper conditions.
    >
    > I stand by my statement - IPSec (and "good" encryption in general) is just
    > as secure over any of the transmission mediums. A good attacker will get
    > your flow - which makes the medium issue moot.
    >
    > In order to use wifi securely, of course you need to add layers of
    > protection. But my point is, these layers are prudent under any
    > circumstance.
    >
    > -Dave
    >
    > P.S. - My bank reference had nothing to do with bank network
    > administrators. It had everything to do with the standards and protocols
    > they specify.
    >
    > -----Original Message-----
    > From: simon (www.snosoft.com) [mailto:simon@snosoft.com]
    > Sent: Monday, September 08, 2003 1:33 PM
    > To: Mark Medici
    > Cc: Dave Killion; D'Amato Luigi; lists@kentane.net;
    > security-basics@lists.securityfocus.com
    > Subject: Re: wifi security
    >
    >
    > In response to Dave Killion:
    >
    > "Just the same, IPSec over WiFi is just as secure as IPSec
    > over copper or fiber. And it's good enough for banks to use.
    > It all comes down to managing risk. Good encryption can be useful."
    >
    > Dave, with all due respect you are wrong...
    >
    > Fact is when you send data out over the air via any method the signal
    > will be stronger than it would be out of a cat5 (I figured that this
    > would be obvious). When using cat5 it is simply not easy to collect
    > radio waves and turn them into anything useful.
    >
    > Having said that it is correct to say that copper is more secure than
    > air, and fibre is more secure than copper assuming that all is equal in
    > the data going over the line.
    >
    > What are the chances of someone recording your radio waves from cat5 vs.
    > the chances of someone recording data from 802.11x?
    >
    > Also, don't use banks as an example of security, IMHO they are not
    > secure enough. What is good enough for a bank network is far from good
    > enough for mine. It is not that their administrators are idiots, because
    > they are not idiots, they just don't have the time to do what the
    > hackers of today have the time to do.
    >
    >
    > Mark Medici wrote:
    >
    >>Actually, the most secure networks are required to run fiber-optic inside
    >>of pressurized conduit with full-time monitoring against physical
    >>intrusion. This is because even fibre-optic can be tapped without breaking
    >>the optical conductor if you have sufficient knowledge, skill and
    >>patience, plus a few specialized tools.
    >>
    >>Of course, this is probably too extreme for most private enterprises.
    >>
    >>
    >>
    >>
    >>>-----Original Message-----
    >>>From: Dave Killion [mailto:Dkillion@netscreen.com]
    >>>Sent: Wednesday, August 27, 2003 12:38 PM
    >>>To: 'simon@snosoft.com'; D'Amato Luigi
    >>>Cc: lists@kentane.net; security-basics@lists.securityfocus.com
    >>>Subject: RE: wifi security
    >>>
    >>>
    >>>Simon,
    >>>
    >>>Even copper can create interceptible radio waves if one is in
    >>>close enough proximity to the cable. Which is why for Top
    >>>Secret data networks the DoD uses fiber.
    >>>
    >>>Yes, there are fiber taps and what not, but copper can be
    >>>intercepted non-invasively.
    >>>
    >>>Just the same, IPSec over WiFi is just as secure as IPSec
    >>>over copper or fiber. And it's good enough for banks to use.
    >>>It all comes down to managing risk. Good encryption can be useful.
    >>>
    >>>-Dave
    >>>
    >>>-----Original Message-----
    >>>From: -SIMON- [mailto:simon@snosoft.com]
    >>>Sent: Tuesday, August 26, 2003 12:32 PM
    >>>To: D'Amato Luigi
    >>>Cc: lists@kentane.net; security-basics@lists.securityfocus.com
    >>>Subject: Re: wifi security
    >>>
    >>>
    >>>-----BEGIN PGP SIGNED MESSAGE-----
    >>>Hash: SHA1
    >>>
    >>>Actually,
    >>> What I would suggest for wireless security is simply
    >>>not sending your sensitive data out over the air. Encrypted
    >>>or not, you are still sending it out for everyone and anyone
    >>>to snag. If you are relying on the encryption for good
    >>>security, well, you are simply assuming that no one else has
    >>>the key, or a way to crack it.
    >>>
    >>>Sensitive data == copper.
    >>>other can == air.
    >>>
    >>>D'Amato Luigi wrote:
    >>>
    >>>
    >>>>try
    >>>>www.securitywireless.info
    >>>>
    >>>>
    >>>>
    >>>>
    >>>- --
    >>>
    >>>- -simon-
    >>> http://www.snosoft.com
    >>> Tibetan "Book of the Dead," ca. 4000 BC.
    >>>

    - --
    Regards,
             -simon-

             Secure Network Operations, Inc.
             http://www.secnetops.com || http://www.snosoft.com
             Office: 978-263-3829 Fax: 978-263-0033
             -------------------------------------------------------
             "Embracing the future of technology, protecting you..."
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQE/XPR8f3Elv1PhzXgRAkzfAKDLjGNKCnpgFsJMGHvH2Pwftw66TwCdEkLX
    ZsVeu6FDLLy+msLCjj1mIk4=
    =Coti
    -----END PGP SIGNATURE-----
