Home page logo
/

basics logo Security Basics mailing list archives

RE: WiFi security implications
From: "Tres London" <telconstar99 () wblondon com>
Date: Fri, 5 Dec 2003 01:50:23 -0600

But if VPN is the only way to get into the office network, then I
wouldn't be able to use that access point you talk about in your 2nd to
last paragraph right?

-Tres London

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Thursday, December 04, 2003 6:26 PM
To: 'Tres London'; security-basics () securityfocus com
Subject: RE: WiFi security implications

  The VPN encryption should be end-to-end, from your laptop
across the wireless connection and internet to a trusted endpoint 
on the company network.  The wireless link in the chain means 
there is a bit higher likelihood that the traffic can be sniffed 
than with *most* home Internet technologies, but the VPN encryption
should be resistant to that.
  I don't think your IT guys need to worry on that score.

  I have heard that in some cases the providers of public or semi-
public wireless access are reluctant to permit end-to-end VPN
connections since they lose any ability to monitor traffic except 
by volume.  Such providers may allow you to minimize the sniffing
risk by running IPSec over the wireless link, but not across the
remaining Internet leg of the conversation.
  This is not good enough, and your IT guys would be right to
block that scenario.

David Gillett


-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: December 3, 2003 18:29
To: security-basics () securityfocus com
Subject: WiFi security implications


Hello List, 1st time poster here :)

If I work for a financial firm, have a laptop with wireless access and
am at a publicly available wireless access point, and want 
access to my
network via VPN, what are the security implications?

My company currently allows people from home to VPN into the 
network at
work, but IT is nervous about allowing it over a wireless connection
because of security implications. 

My point is that VPN should be secure enough on it's own, 
even if people
access my information, it's still encrypted with IPSec (or something
like that).

Thoughts?

Thanks,

-Tres London


--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]