slightly off topic - flaws in using win2k for wireless security and openbsd replacing

From: Roger Kenebrous (singer18788_at_hotmail.com)
Date: 05/12/04

  • Next message: Mauricio Fernandez MCSE, CCNA: "Re: Multi stage attacks on networks?" 
    Date: 11 May 2004 20:35:36 -0700

    Hi UNIX security professionals and hobbyists,

    I am trying to talk my operations manager into letting me establish an
    OpenBSD IPSEC wireless AP - but I need to write up a report on the
    vulnerabilities with our current scheme and I can identify only a few.
    Basically, we have our wired internal network, then we have a dual-NIC
    win2k server that acts as a Microsoft PPTP VPN server, with one NIC
    connected to the internal network, and one to a wireless access point
    that doesnt run [insecure] WEP. Basically this server only runs its
    Routing and Remote access functions, where each user has a VPN
    connection set with the IP address of the VPN server, and they VPN in
    to it to access the internal network.

    The problem I see is, anybody can connect to the wireless access point
    and sniff the traffic there, as it DHCPs out addresses. While people
    connected to this wireless access point have to use the VPN connection
    to get on our internal network through the RRAS server, their systems
    can still be port scanned etc from people connecting to the insecure
    access point - hence weaknesses can be exploited etc etc and worms
    like sasser etc can be applied. Besides this insecurity, the same
    insecurity that a system experiences sitting in plain site on the
    internet, are there any PPTP security issues or other issues any of
    you can think of that I might include in this report, which will then
    go to an actual security officer in my team?

    Roger

  • Next message: Mauricio Fernandez MCSE, CCNA: "Re: Multi stage attacks on networks?"

    Relevant Pages

    • Re: Industry Standard Security and guest wifi access best practice
      ... VPN use-This is something I want to rule out from the start. ... don't support WPA, and if they did then rule out changing the key ever. ... Use WPA to encrypt wireless traffic, ... Connection is simple for the end user and requires no VPN client ...
      (alt.internet.wireless)
    • Re: Wireless Bridge with Redundant wired VPN
      ... the existing wired VPN connection between them in place (yes, ... installed and tested the wireless bridge to the point that I know it is ... When you say "redundant VPN", does this mean that you have a VPN ... If the VPN routers being used for both the ...
      (alt.internet.wireless)
    • Re: Is wireless viable on and SBS network?
      ... I have trouble believing the point you are suggesting that the wireless ... I've seen machines that don't have proper time sync ignore policy and logon ... Roaming profiles work fine over a VPN, all assuming you are not either too ... the VPN Dialup connection, connect, then initiate the user authentication. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: problems downloading from exchange over wireless using vpn
      ... ive noticed when using a laptop to connect to our exchange server ... over a wireless connection using a vpn connection, ... Which really shouldn't make a difference if they're using VPN (as you ...
      (microsoft.public.exchange.admin)
    • My Early Experience with Dell Axim X51V
      ... Just received my X51V, to replace an X30 which went to the great scrap heap ... If you're using a VPN, ... The wireless connection agent is hosed. ...
      (microsoft.public.pocketpc.activesync)