Re: Mobile wireless users

From: Ashish Popli (apopli_at_gmail.com)
Date: 05/28/05

  • Next message: J0ck3r: "Re: Leaving a door open?"
    To: security-basics@securityfocus.com
    Date:  Sat, 28 May 2005 04:15:55 -0400
    
    

    > Traffic to/from those devices at a non-secure location is susceptible
    > to capture and analysis by unknown parties.
    Agree, this is going to be a problem, say, if passwords are being sent
    in plaintext, but any security aware organization will not use a service
    that uses plain text passwords. So what is the mobile device trying to
    access in this case?

    > What about the times they use organization resources that are exposed
    > to the general public and enter private credentials to gain access to
    > those resources?
    This somehow does not make sense to me, why would anyone need private
    credentials to access public information? Please correct me if I am
    wrong or missing something.

    In general, If there is a sensitive or private resource, it should not
    be sitting outside your firewall(ed)/vpn(ed) network and should not be
    using plain text passwords.

    Cheers,
    Ashish Popli

    ttate@ctscorp.com wrote:

      I understand that a firewall on the mobile device prevents accessing
    resources *on* that device. I also understand that a vpn will encrypt
    traffic to/from that device and an organization's private network. But
    what about those times when the user doesn't turn on the VPN? What about
    the times they use organization resources that are exposed to the
    general public and enter private credentials to gain access to those
    resources? How do you help your wireless users be paranoid about what
    they are accessing when using wireless access? How do you prepare them
    to handle vari
    > ous activities that they may want or need to perform using those wireless devices?
    > I appreciate your comments on this issue and hope it will answer some significant questions that my organization has about allowing users to use mobile wireless devices outside of our facilities.
    > Troy Tate
    > Corporate Network Manager
    > CTS Corp.
    > 574-293-7511 x397
    > 574-294-5718 fax
    >


  • Next message: J0ck3r: "Re: Leaving a door open?"