RE: WiFi security implications

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 12/05/03

    To: "'Tres London'" <telconstar99@wblondon.com>, <security-basics@securityfocus.com>
    Date: Thu, 4 Dec 2003 16:26:10 -0800
    
    

      The VPN encryption should be end-to-end, from your laptop
    across the wireless connection and internet to a trusted endpoint
    on the company network. The wireless link in the chain means
    there is a bit higher likelihood that the traffic can be sniffed
    than with *most* home Internet technologies, but the VPN encryption
    should be resistant to that.
      I don't think your IT guys need to worry on that score.

      I have heard that in some cases the providers of public or semi-
    public wireless access are reluctant to permit end-to-end VPN
    connections since they lose any ability to monitor traffic except
    by volume. Such providers may allow you to minimize the sniffing
    risk by running IPSec over the wireless link, but not across the
    remaining Internet leg of the conversation.
      This is not good enough, and your IT guys would be right to
    block that scenario.

    David Gillett

    > -----Original Message-----
    > From: Tres London [mailto:telconstar99@wblondon.com]
    > Sent: December 3, 2003 18:29
    > To: security-basics@securityfocus.com
    > Subject: WiFi security implications
    >
    >
    > Hello List, 1st time poster here :)
    >
    > If I work for a financial firm, have a laptop with wireless access and
    > am at a publicly available wireless access point, and want access to my
    > network via VPN, what are the security implications?
    >
    > My company currently allows people from home to VPN into the network at
    > work, but IT is nervous about allowing it over a wireless connection
    > because of security implications.
    >
    > My point is that VPN should be secure enough on its own, even if people
    > access my information, it's still encrypted with IPSec (or something
    > like that).
    >
    > Thoughts?
    >
    > Thanks,
    >
    > -Tres London

