Home page logo
/

basics logo Security Basics mailing list archives

RE: RE: Wireless security and VPN
From: "Jeffrey Eliasen" <jelias () microsoft com>
Date: Tue, 26 Nov 2002 09:38:51 -0800

Or IPSec alone. If you are not concerned with bandwidth issues from
wardrivers using your wireless network to access the outside world then
IPSec alone is enough to secure all your network data. A side benefit is
that visitors can use the network without network credentials to see the
outside world, but the internal network traffic will be beyond their
ability to watch.

------------------------------------
jeffrey k eliasen

-----Original Message-----
From: peter.ve () pandora be [mailto:peter.ve () pandora be] 
Sent: Friday, November 22, 2002 2:34 AM
To: Robinson, Sonja; 'Chris Martin'; Brian Bettger
Cc: security-basics () securityfocus com
Subject: Re: RE: Wireless security and VPN

what about the new PEAP protocol ?

------------------------
 "Robinson, Sonja" <SRobinson () HIPUSA com> wrote:
------------------------
        
802.11b which is used by current wireless devise is inherently insecure
and
WEP is NOT secure.  It is imperative that you use VPN to secure any
transmissions. Also, make sure that all defaults are turned off/changed
and
lock down the SSID as much as possible.  That is unless you want to be
war
driven and cracked. There will be some new products out shortly
(1/2Q2003)
that will be much more secure for wireless however, a GOOD VPN set up
will
mitigate most current issues.

Netstumber is a great war driver.  

-----Original Message-----
From: Chris Martin [mailto:chris.martin () smartech com au] 
Sent: Sunday, November 17, 2002 8:18 PM
To: Brian Bettger
Cc: security-basics () securityfocus com
Subject: RE: Wireless security and VPN

The 802.11x (I think that's what it's called) system may be what you
are
looking for. This system utilises the client authenticating to a RADIUS
server via EAP. Most Cisco wireless gear has this WEP type (called
LEAP). It's quite strong and the keys change regularly at predetermined
intervals.

Even if you use VPN stuff like L2TP or PPTP you'll still have an
authentication process, however LEAP/802.11x integrates all that very
seamlessly.

Hope this helps,

Chris Martin

-----Original Message-----
From: Brian Bettger [mailto:brianb () diversint com] 
Sent: Friday, 15 November 2002 4:12 AM
To: security-basics () securityfocus com
Subject: Wireless security and VPN

Hello,

I am searching for a product that incorporates a Wireless Access Point
AND VPN authentication to use for nearly all of our wireless rollouts.
As you know SSID and WEP are possibly not enough to keep people out of
networks. An integrated VPN authentication after SSID and WEP, BUT
before network authentication would be REALLY nice. In other words, I
turn on my laptop, PDA or workstation, it establishes the primary
connection through the use of SSID and WEP, then stops, leaving port
1723 open, dropping all other traffic or attack attempts until I make a
secure VPN connection. As soon as I establish the VPN connection I am
then prompted (or not) with my NT, Novell, or whatever login.

The thought is, a war driver could possibly crack WEP, access to the
WAP
but is then faced with needing to establish a VPN connection even
before
he can gain information about the network. The war driver / cracker
could only scan and see port 1723. 

Please pass this on as a request for development if possible. Another
point is that it would be nice to have this bundled into one appliance.
Additionally pass this on to anyone else you feel may help.

Yes, I have looked into Proxim's solution, but it is over priced for my
clients (SOHO to medium size business, 25-100 users) and requires two
appliances, the WAP and then the VPN appliance.


Brian Bettger
Systems Engineer
Diversint, Inc.
Diversified Internet Services Group

360-404-2044

www.diversint.com

Technology is Business



**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is
intended only for the individual(s) named herein or others specifically
authorized to receive the communication. If you are not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this communication is strictly prohibited. If you have
received this communication in error, please notify the sender of the
error immediately, do not read or use the communication in any manner,
destroy all copies, and delete it from your system if the communication
was sent via email. 




**********************************************************************




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault