Re: Unencrypted password security question. at a major university

From: Michael Janke (jankemi@mail.com)
Date: 04/09/03

  • Next message: Colin M: "Re: Unencrypted password security question. at a major university" 
    From: Michael Janke <jankemi@mail.com>
Date: Wed, 09 Apr 2003 03:40:26 GMT

    Ryan wrote:
    >>>It is bad, but not as bad as you think it is. Yes, the userid and
    >>>password are sent in cleartext across the network, but the network is
    >>>almost certainly segmented, and may even be fully switched.
    >
    >
    > Did I mention that I, as well as countless other students, login from
    > off campus (outside the network) across the web, the fact that this is
    > unencrypted is just entirely unacceptable isn't it?
    >

    Absolutely. If they have an unencrypted login, it should not used the
    same user/password as your other logins, or it should be encrypted.

    >
    >
    >>I wouldn't bet on that. Especially if the college is small or has any
    >>wireless at all. If it is small, is is likely a flat network. If it has
    >>wireless, it is likely unsecured.
    >
    >
    > Our wireless program is huge, the entire campus is covered with access
    > points. It's cool to sit outside with a laptop on a nice day and have
    > 10mbit wireless connect. The library only has about 20 desktops, the
    > rest of the computers are laptops with cards. I'm not sure in what
    > exact way you mean unsecured but the wireless seems pretty tight. Pap
    > / Chap / leap or some such number, there also seems to be some form of
    > hardware authentication as well.
    >
    > thanks for any info
    > -- Ryan

    I certainly wouldn't use a unencrypted login across the wireless. They
    may have done a reasonable job of securing the wireless, but I still
    don't 'trust' it.

    --Mike

  • Next message: Colin M: "Re: Unencrypted password security question. at a major university"

    Relevant Pages

    • Re: Need advice on limiting logins by users
      ... Even though you may have taken precautions to prevent the person from accessing domain resources, I think you put your network at risk by allowing "strangers" any access whatsoever to your production domain. ... I have a guest wireless network that is isolated from our production LAN. ... We have 4 PC's in a work room for projects, temp staff, etc. and the staff member will take them in and login with their login info and go back to work, leaving the kid alone. ...
      (microsoft.public.windows.server.sbs)
    • Re: Workstation Locked out!
      ... Unable to login to domain, ... I even pulled out the wireless ... I tried to connect an old XP pro box to the network using the connect ... The connection wizard ...
      (microsoft.public.windows.server.sbs)
    • Re: XP - home networking with W2K
      ... Wireless network connection to internt ... > only network requirement to access shared Windows ... > when double clicking, get login screen. ...
      (microsoft.public.windowsxp.network_web)
    • Re: Single Sign On with 802.1x wireless authentication
      ... You may want to select "do not login with credential manager" and Login using normal credentials. ... How to Setup Windows, Network, VPN & Remote Access on ... I have installed IAS RADIUS for wireless authentication. ...
      (microsoft.public.windows.vista.networking_sharing)
    • Re: Unencrypted password security question. at a major university
      ... >> password are sent in cleartext across the network, ... > wireless, it is likely unsecured. ... the entire campus is covered with access ... It's cool to sit outside with a laptop on a nice day and have ...
      (comp.security.unix)