Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Penetrating Wireless Networks

Re: [PEN-TEST] Penetrating Wireless Networks

From: Anton Rager <a_rager_at_YAHOO.COM>
Date: Fri, 9 Mar 2001 18:35:24 -0800

We're recommending that security minded customers put
their wireless AP in their DMZ, and use an IPSec
client from the wireless workstation into a VPN
appliance for internal network access. This setup puts
the wireless traffic outside the private network, and
only allows access into it via IPSec tunnels. It also
prevents wireless users from accessing your internal
network un-encrypted.

So -- worst case: someone can snoop/inject traffic
into your wireless network, but they will only get
internet access. More paranoid users could create an
additonal zone [2nd DMZ] with just the wireless AP
and a VPN server in it. This would limit
snooping/injection to just that isolated network
zone.....unless they supply the proper IPSec
credentials.

My pitch is a Nortel Networks Contivity VPN Switch
with our Contivity extranet client, but I'm a bit
biased;) Other VPN solutions could accomplish the
same thing.

Anton Rager
Nortel Networks

--- Rafael Coninck Teigao <rafael_at_SAFECORE.NET> wrote:
> After reading the faq, I started thinking:
> wouldn't be easier to just use some kind of
> software encryption,
> like IP-Sec?
>
> Please, correct me if I'm wrong, but I think it
> would be possible to
> set software on the gateway at the base station and
> on the mobile
> machine to encrypt the hole traffic. After all,
> AFAIK, the wireless
> device works solely as a bridge.
>
> What do you guys think?
>
> []'s,
> RCT.
>
> --
>
-------------------------------------------------------------------------------
> "It is the flawed assumption that security
> mechanisms can be adequately provided
> in layers above the operating system. A perfect
> security application cannot make
> up for flawed or absent security features within the
> OS kernel. It is the
> classic example of building a castle on a swamp. You
> can build a strong
> fortress, but it makes no difference if it slowly
> sinks into the ground."
> route - Phrack Magazine Volume 8, Issue 54
> Dec 25th, 1998, article 06
>
-------------------------------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/
Received on Mar 10 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos