Home page logo
/

basics logo Security Basics mailing list archives

RE: WiFi security implications
From: "James Tusini" <james () homehouse co uk>
Date: Sat, 13 Dec 2003 17:29:45 -0000

It could be possible to be the victim of a man in the middle attack on the
Wi-Fi, depending on the config.
However this is also possible if at home you're on cable broadband, as this
paper describes:
http://www.trustmatta.com/downloads/Matta_Broadband_Insecurity.pdf .

You don't mention what type of VPN you're actually using so I can't really
go into more detail.

James

-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: 05 December 2003 07:51
To: security-basics () securityfocus com
Subject: RE: WiFi security implications


Hello,

But if I'm allowed to connect from home, IT can't count on my home
network from being secure. Thus, it would seem to me, that connecting
from a hostile network (i.e. I think any network outside their control
would be considered hostile) via VPN is ok with them because they allow
me to connect from home. Thoughts?

-Tres london

-----Original Message-----
From: Rusty Chiles [mailto:rustychiles () cox net]
Sent: Thursday, December 04, 2003 5:22 PM
To: Tres London; security-basics () securityfocus com
Subject: RE: WiFi security implications

I know that on Microsoft PPTP solutions you can actively attack the PPTP
logon via the MS-CHAP password change protocol version 1 to obtain the
LANMAN and NT password hashes. Note that once you get the password
hashes,
you dont even need to crack the passwords to logon onto an SMB server or
PPTP server.
I'm not sure if cisco's vpn solution is vulnerable to a similar attack,
but
generally it's a bad idea to connect to anything that you care to keep
secured via a hostile network, especially without encryption.

-Rusty

-----Original Message-----
From: Tres London [mailto:telconstar99 () wblondon com]
Sent: Wednesday, December 03, 2003 7:29 PM
To: security-basics () securityfocus com
Subject: WiFi security implications


Hello List, 1st time poster here :)

If I work for a financial firm, have a laptop with wireless access and
am at a publicly available wireless access point, and want access to my
network via VPN, what are the security implications?

My company currently allows people from home to VPN into the network at
work, but IT is nervous about allowing it over a wireless connection
because of security implications.

My point is that VPN should be secure enough on it's own, even if people
access my information, it's still encrypted with IPSec (or something
like that).

Thoughts?

Thanks,

-Tres London


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault