RE: Wireless security question...

• Previous message: Fred Cohen: "Re: Wireless security question..."
• Maybe in reply to: Marty: "Wireless security question..."
• Next in thread: Kenton Smith: "Re: Wireless security question..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Marty <m_samson@videotron.ca>, 'Security-Basics' <security-basics@securityfocus.com>
Date: Fri, 28 Oct 2005 16:05:55 -0600

The risk with wireless is more often a risk to the network than it is a risk
to the individual PCs. The PC is not "listening" and accepting inbound
connections, it is initiating a connection to the network.

So, your questions....

>>>>
- Can a wireless router (installed in their home-office) be
hacked into AND can this hacker take control of the wireless
laptop. If so I would need some detail on how we can prevent
that (besides WEP). Let's assume for the sake of discussion
that there is no WEP encryption on the router.
<<<<<

Hacking into the network and hacking into the PC are entirely different
things and not entirely related. Again, the threat is that the intruder is
able to "listen" to the traffic going over the wireless connection. This
could be important documents, it could be secret financial information, but
most importantly in many cases, passwords are transmitted in clear-text over
the network (such as with POP3 email or telnet). The hacking risk from
wireless comes directly from the vulnerability of these passwords.

Hacking a wireless router generally requires that you are able to connect to
it. If you allow anyone with a wireless card to connect to your network,
you've made a mistake. Hacking a PC generally requires a connection to that
PC. Any computer connected to your network has the potential to hack into
your sales person's laptop once he/she is connected to the network via the
wireless. The wireless makes little difference. WEP is not a huge help,
though it can deter casual "vandals" it won't deter a determined and/or
experienced intruder.

>>>>>>
2- How easy is it to access the laptop once you're into the
router? Is it child splay or do we need a specialist?
<<<<<<<

Again, the access to the router has little/nothing to do with access to the
laptop. The transmissions between them fly through the air and can be
picked up several miles away with a good antenna (and without transmitting a
single byte)... Breaking into the router is pointless unless your goal is
to.... mess with the router. Most routers don't have the capability to
sniff traffic off their interfaces and report back to the hacker. It's FAR
easier to sniff it directly out of the air, being completely silent and
passive. I conducted an experiment in college, analyzing wireless data
(encrypted with WEP) from a university workstation (with permission of
course) for upwards of a month without leaving any trace I was doing it. My
signal only dropped when it was snowing because I was just under a mile away
and using a 12dbi yagi antenna to pick up faint signals from a building on
the other side of campus.

>>>>>>>>
3- If the laptop's wireless router is secured with WEP and
connected to the office via VPN can it be EASILY hacked
into? The VPN connection gives them little access to the
network, barely what they need to work. Will the intruder
have access to our network?
<<<<<<<<<

WEP doesn't secure a router. It secures the communication channel between
the wireless router and the laptop. It is not secure. All forms of WEP can
be broken in less than 18 hours, weaker forms in less than 30 minutes. You
must use a more modern protocol like TKIP, WPA or 802.11i security protocols
to ensure secure communication. OR, you have the laptop initiate a VPN
connection, so that all the wireless data is inside of a VPN tunnel.

What good is a VPN if it can't access most of the network? The *entire
point* of a VPN is to provide secure, remote access to the network.
 
 

<<<<<<<<

4- How secure is my sales rep. running around hotels with
his laptop?
>>>>>>>>

It depends on how secure he is running around with his laptop...
Again, unencrypted wireless data can be easily sniffed unless it uses
advanced encryption like WPA. If you want to ensure their safety, set up a
VPN into your office that can be connected to from anywhere. Then they can
use it for all their wireless data and there is very little risk. PPTP,
IPSEC and L2TP (VPN protocols) are not vulnerable to the same attacks as WEP
is.

>>>>>>>>>>
We are trying to assess the risk...should we, should we not
allow wireless for the mobile workforce.
<<<<<<<<<<

It's not all that much more risky than allowing them to input their
passwords into public terminals at some 'net café. That's often the
alternative to equipping remote employees with wireless laptops. It's a
matter of giving them a means to protect their data. Better they have a
system that you've configured properly than to trust that the 'net cafe or
public terminals don't have keyloggers to steal their info.

I detect a fundamental misunderstanding of the risks of wireless and data
communication in the first place. Dig around on the web, read about the
risks and technologies - it will help you make an informed decision.

Eric

• Previous message: Fred Cohen: "Re: Wireless security question..."
• Maybe in reply to: Marty: "Wireless security question..."
• Next in thread: Kenton Smith: "Re: Wireless security question..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]