Re: Mobile wireless users

[ttate () ctscorp com]

Thanks for the reply. I am referring to employees using company provided laptops to access non-company owned resources 
for private transactions. Is there any concern that the company provided that person with the capabilities to perform 
that transaction using company resources but did not warn the employee that their transactions were not fully secure? 
Troy Tate
Corporate Network Manager
CTS Corp.
574-293-7511 x397
574-294-5718 fax

> > > Ashish Popli <apopli () gmail com> 05/28/05 03:15AM >>>
> Traffic to/from those devices at a non-secure location is susceptible 
> to capture and analysis by unknown parties.
Agree, this is going to be a problem, say, if passwords are being sent 
in plaintext, but any security aware organization will not use a service 
that uses plain text passwords. So what is the mobile device trying to 
access in this case?

> What about the times they use organization resources that are exposed 
> to the general public and enter private credentials to gain access to 
> those resources?
This somehow does not make sense to me, why would anyone need private 
credentials to access public information? Please correct me if I am 
wrong or missing something.

In general, If there is a sensitive or private resource, it should not 
be sitting outside your firewall(ed)/vpn(ed) network and should not be 
using plain text passwords.

Cheers,
Ashish Popli