Home page logo

basics logo Security Basics mailing list archives

RE: WiFi security implications
From: "Rusty Chiles" <rustychiles () cox net>
Date: Thu, 4 Dec 2003 16:21:43 -0700

I know that on Microsoft PPTP solutions you can actively attack the PPTP
logon via the MS-CHAP password change protocol version 1 to obtain the
LANMAN and NT password hashes. Note that once you get the password hashes,
you dont even need to crack the passwords to logon onto an SMB server or
PPTP server.
I'm not sure if cisco's vpn solution is vulnerable to a similar attack, but
generally it's a bad idea to connect to anything that you care to keep
secured via a hostile network, especially without encryption.


-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: Wednesday, December 03, 2003 7:29 PM
To: security-basics () securityfocus com
Subject: WiFi security implications

Hello List, 1st time poster here :)

If I work for a financial firm, have a laptop with wireless access and
am at a publicly available wireless access point, and want access to my
network via VPN, what are the security implications?

My company currently allows people from home to VPN into the network at
work, but IT is nervous about allowing it over a wireless connection
because of security implications.

My point is that VPN should be secure enough on it's own, even if people
access my information, it's still encrypted with IPSec (or something
like that).



-Tres London



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]