Security Basics mailing list archives

RE: wifi security


From: Dave Killion <Dkillion () netscreen com>
Date: Mon, 8 Sep 2003 14:02:18 -0700

Simon,

Wifi is obviously easier to obtain than copper or fiber - there's no
argument there.  I also agree with you on the relative merits of
air-vs-copper, and copper-vs-fiber.

But in order to address security properly, you must assume that an
attacker has access to your dataflow *regardless* of the physical medium
over which it travels.  To think otherwise is naive.  All of these media
are interceptible under the proper conditions.

I stand by my statement - IPSec (and "good" encryption in general) is just
as secure over any of the transmission mediums.  A good attacker will get
your flow - which makes the medium issue moot.

In order to use wifi securely, of course you need to add layers of
protection.  But my point is, these layers are prudent under any
circumstance.

-Dave

P.S. - My bank reference had nothing to do with bank network
administrators.  It had everything to do with the standards and protocols
they specify.

-----Original Message-----
From: simon (www.snosoft.com) [mailto:simon () snosoft com]
Sent: Monday, September 08, 2003 1:33 PM
To: Mark Medici
Cc: Dave Killion; D'Amato Luigi; lists () kentane net;
security-basics () lists securityfocus com
Subject: Re: wifi security


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In response to Dave Killion:

"Just the same, IPSec over WiFi is just as secure as IPSec
over copper or fiber.  And it's good enough for banks to use.
It all comes down to managing risk.  Good encryption can be useful."

Dave, with all due respect you are wrong...

Fact is when you send data out over the air via any method the signal
will be stronger than it would be out of a cat5 (I figured that this
would be obvious). When using cat5 it is simply not easy to collect
radio waves and turn them into anything useful.

Having said that it is correct to say that copper is more secure than
air, and fibre is more secure than copper assuming that all is equal in
the data going over the line.

What are the chances of someone recording your radio waves from cat5 vs.
the chances of someone recording data from 802.11x?

Also, don't use banks as an example of security, IMHO they are not
secure enough. What is good enough for a bank network is far from good
enough for mine. It is not that their administrators are idiots, because
they are not idiots, they just don't have the time to do what the
hackers of today have the time to do.


Mark Medici wrote:
Actually, the most secure networks are required to run fiber-optic inside
of pressurized conduit with full-time monitoring against physical
intrusion.  This is because even fibre-optic can be tapped without breaking
the optical conductor if you have sufficient knowledge, skill and
patience, plus a few specialized tools.

Of course, this is probably too extreme for most private enterprises.



-----Original Message-----
From: Dave Killion [mailto:Dkillion () netscreen com]
Sent: Wednesday, August 27, 2003 12:38 PM
To: 'simon () snosoft com'; D'Amato Luigi
Cc: lists () kentane net; security-basics () lists securityfocus com
Subject: RE: wifi security


Simon,

Even copper can create interceptible radio waves if one is in
close enough proximity to the cable.  Which is why for Top
Secret data networks the DoD uses fiber.

Yes, there are fiber taps and what not, but copper can be
intercepted non-invasively.

Just the same, IPSec over WiFi is just as secure as IPSec
over copper or fiber.  And it's good enough for banks to use.
It all comes down to managing risk.  Good encryption can be useful.

-Dave

-----Original Message-----
From: -SIMON- [mailto:simon () snosoft com]
Sent: Tuesday, August 26, 2003 12:32 PM
To: D'Amato Luigi
Cc: lists () kentane net; security-basics () lists securityfocus com
Subject: Re: wifi security


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Actually,
     What I would suggest for wireless security is simply
not sending your sensitive data out over the air.  Encrypted
or not, you are still sending it out for everyone and anyone
to snag. If you are relying on the encryption for good
security, well, you are simply assuming that no one else has
the key, or a way to crack it.

Sensitive data == copper.
other can == air.

D'Amato Luigi wrote:

try
www.securitywireless.info






- --

- -simon-
     http://www.snosoft.com
     Tibetan "Book of the Dead," ca. 4000 BC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/S7W8f3Elv1PhzXgRAjCmAJ9+azc5YkhbGsK4aD747k2tvVAdgwCgi3zr
GExD5j5nKjrulQ0KA0ivToI=
=gIuf
-----END PGP SIGNATURE-----





- --
Regards,
         -simon-

         Secure Network Operations, Inc.
         http://www.secnetops.com || http://www.snosoft.com
         Office: 978-263-3829  Fax: 978-263-0033
         -------------------------------------------------------
         "Embracing the future of technology, protecting you..."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/XOdtf3Elv1PhzXgRAnkpAKDDv72oMwNoJg8jbJLe9MKsFQ14DwCfZXy/
ykgRKov20p1srgQe/AK+dSg=
=1cKn
-----END PGP SIGNATURE-----
