Re: Mobile wireless users
From: Ashish Popli (apopli_at_gmail.com)
To: firstname.lastname@example.org Date: Sat, 28 May 2005 04:15:55 -0400
> Traffic to/from those devices at a non-secure location is susceptible
> to capture and analysis by unknown parties.
Agree, this is going to be a problem, say, if passwords are being sent
in plaintext, but any security aware organization will not use a service
that uses plain text passwords. So what is the mobile device trying to
access in this case?
> What about the times they use organization resources that are exposed
> to the general public and enter private credentials to gain access to
> those resources?
This somehow does not make sense to me, why would anyone need private
credentials to access public information? Please correct me if I am
wrong or missing something.
In general, If there is a sensitive or private resource, it should not
be sitting outside your firewall(ed)/vpn(ed) network and should not be
using plain text passwords.
I understand that a firewall on the mobile device prevents accessing
resources *on* that device. I also understand that a vpn will encrypt
traffic to/from that device and an organization's private network. But
what about those times when the user doesn't turn on the VPN? What about
the times they use organization resources that are exposed to the
general public and enter private credentials to gain access to those
resources? How do you help your wireless users be paranoid about what
they are accessing when using wireless access? How do you prepare them
to handle vari
> ous activities that they may want or need to perform using those wireless devices?
> I appreciate your comments on this issue and hope it will answer some significant questions that my organization has about allowing users to use mobile wireless devices outside of our facilities.
> Troy Tate
> Corporate Network Manager
> CTS Corp.
> 574-293-7511 x397
> 574-294-5718 fax