Re: Mobile wireless users

From: Ashish Popli (apopli_at_gmail.com)
Date: 05/28/05

  • Next message: J0ck3r: "Re: Leaving a door open?"
    To: security-basics@securityfocus.com
    Date:  Sat, 28 May 2005 04:15:55 -0400
    
    

    > Traffic to/from those devices at a non-secure location is susceptible
    > to capture and analysis by unknown parties.
    Agree, this is going to be a problem, say, if passwords are being sent
    in plaintext, but any security aware organization will not use a service
    that uses plain text passwords. So what is the mobile device trying to
    access in this case?

    > What about the times they use organization resources that are exposed
    > to the general public and enter private credentials to gain access to
    > those resources?
    This somehow does not make sense to me, why would anyone need private
    credentials to access public information? Please correct me if I am
    wrong or missing something.

    In general, If there is a sensitive or private resource, it should not
    be sitting outside your firewall(ed)/vpn(ed) network and should not be
    using plain text passwords.

    Cheers,
    Ashish Popli

    ttate@ctscorp.com wrote:

      I understand that a firewall on the mobile device prevents accessing
    resources *on* that device. I also understand that a vpn will encrypt
    traffic to/from that device and an organization's private network. But
    what about those times when the user doesn't turn on the VPN? What about
    the times they use organization resources that are exposed to the
    general public and enter private credentials to gain access to those
    resources? How do you help your wireless users be paranoid about what
    they are accessing when using wireless access? How do you prepare them
    to handle vari
    > ous activities that they may want or need to perform using those wireless devices?
    > I appreciate your comments on this issue and hope it will answer some significant questions that my organization has about allowing users to use mobile wireless devices outside of our facilities.
    > Troy Tate
    > Corporate Network Manager
    > CTS Corp.
    > 574-293-7511 x397
    > 574-294-5718 fax
    >


  • Next message: J0ck3r: "Re: Leaving a door open?"

    Relevant Pages

    • Re: Historical comparisons
      ... Private ownership of privately created capital equipment is a very ... But private ownership of natural resources is a very bad ... Communism has any bearing on private market based ownership of capital? ...
      (sci.space.policy)
    • Re: Historical comparisons
      ... Unlike genuine human rights, patent privileges are not only a "human ... Or patent privileges or private ownership of natural resources. ...
      (sci.space.policy)
    • Re: 52 year-old Republican woman for Obama
      ... business does not lead to liberty. ... "All public lands and resources, as well as claims thereto, except as ... shall be returned to private ... Resource rights shall be defined as property rights, ...
      (rec.music.gdead)
    • Re: Historical comparisons
      ... Private ownership of privately created capital equipment is a very ... But private ownership of natural resources is a very bad ... The evidence of history is pretty clear. ...
      (sci.space.policy)
    • Re: password issues
      ... manufacturing engineers resorted to post IDs and ... > Passwords on monitors to reduce the chance of account locked out, ... primary can access resources in the secondary, ... All our employees belong to the primary domain. ...
      (comp.security.misc)