Re: Wireless security question...
From: Fred Cohen (fred.cohen_at_all.net)
Date: 10/29/05
- Previous message: phunked up!: "Re: Wireless security question..."
- In reply to: Marty: "Wireless security question..."
- Next in thread: Hagen, Eric: "RE: Wireless security question..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Oct 2005 15:06:14 -0700
To: Marty <m_samson@videotron.ca>
On Oct 27, 2005, at 4:11 PM, Marty wrote:
> Hi,
>
> We're having an in-house discussion regarding the risk
> related to wireless security.
>
> The mobile users would like to be able to use the wireless
> technology within their laptops to access the office while
> they are away. Right now we don't allow wireless access
> points.
>
> The questions we have are:
>
> 1- Can a wireless router (installed in their home-office) be
> hacked into
Yes. If...
> AND can this hacker take control of the wireless
> laptop.
Yes. If...
> If so I would need some detail on how we can prevent
> that (besides WEP). Let's assume for the sake of discussion
> that there is no WEP encryption on the router.
Without encryption wireless provides no integrity, confidentiality,
accountability, use control, or availability. But on the other hand,
why is this any different from going to Starbucks and logging in?
>
> 2- How easy is it to access the laptop once you're into the
> router? Is it child's play or do we need a specialist?
Again, it is not the right question to ask. The question is how you
protect the computer at Starbucks. If you protect the computer that
way and then treat the computer and AP as if they were at a
Starbucks, you will have the same protection from here as there.
> 3- If the laptop's wireless router is secured with WEP and
> connected to the office via VPN can it be EASILY hacked
> into? The VPN connection gives them little access to the
> network, barely what they need to work. Will the intruder
> have access to our network?
Yes. If...
It is the same basic issue as before. If the PC cannot defend itself
you should not be letting it roam. If the network cannot be protected
it should not be connected. If they can, they are as safe at home as
at Starbucks.
> 4- How secure is my sales rep. running around hotels with
> his laptop?
My point exactly.
> We are trying to assess the risk...should we, should we not
> allow wireless for the mobile workforce.
Wireless or wired - when they are away you cannot protect the
intervening infrastructure - so you need to protect the endpoint, the
communications, and the places they go on the other side. This is a
simplification of course, but you get the idea.
> Thanks!
>
> Marty
>
>
>
-- This communication is confidential to the parties it is intended
to serve --
Security Posture securityposture.com tel/fax
University of New Haven unhca.com 925-454-0171
Fred Cohen & Associates all.net 572 Leona Drive
Security Management Partners policygeeks.com Livermore, CA 94550