Security Basics mailing list archives
RE: WiFi security implications
From: "Tres London" <telconstar99 () wblondon com>
Date: Fri, 5 Dec 2003 01:51:14 -0600
Hello, But if I'm allowed to connect from home, IT can't count on my home network from being secure. Thus, it would seem to me, that connecting from a hostile network (i.e. I think any network outside their control would be considered hostile) via VPN is ok with them because they allow me to connect from home. Thoughts? -Tres london -----Original Message----- From: Rusty Chiles [mailto:rustychiles () cox net] Sent: Thursday, December 04, 2003 5:22 PM To: Tres London; security-basics () securityfocus com Subject: RE: WiFi security implications I know that on Microsoft PPTP solutions you can actively attack the PPTP logon via the MS-CHAP password change protocol version 1 to obtain the LANMAN and NT password hashes. Note that once you get the password hashes, you dont even need to crack the passwords to logon onto an SMB server or PPTP server. I'm not sure if cisco's vpn solution is vulnerable to a similar attack, but generally it's a bad idea to connect to anything that you care to keep secured via a hostile network, especially without encryption. -Rusty -----Original Message----- From: Tres London [mailto:telconstar99 () wblondon com] Sent: Wednesday, December 03, 2003 7:29 PM To: security-basics () securityfocus com Subject: WiFi security implications Hello List, 1st time poster here :) If I work for a financial firm, have a laptop with wireless access and am at a publicly available wireless access point, and want access to my network via VPN, what are the security implications? My company currently allows people from home to VPN into the network at work, but IT is nervous about allowing it over a wireless connection because of security implications. My point is that VPN should be secure enough on it's own, even if people access my information, it's still encrypted with IPSec (or something like that). Thoughts? Thanks, -Tres London ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- WiFi security implications Tres London (Dec 04)
- RE: WiFi security implications Rusty Chiles (Dec 04)
- Re: WiFi security implications Paul Kurczaba (Dec 04)
- Re: WiFi security implications Moshe Ashkenazi (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- Re: WiFi security implications Moshe Ashkenazi (Dec 05)
- RE: WiFi security implications David Gillett (Dec 05)
- <Possible follow-ups>
- RE: WiFi security implications David J. Jackson (Dec 04)
- Re: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications Tres London (Dec 05)
- RE: WiFi security implications James Tusini (Dec 15)
- Re: WiFi security implications Ronish Mehta (Dec 08)
- RE: WiFi security implications Security Newsletters-TM (Dec 08)
- RE: WiFi security implications Oliver Rebollido (Dec 09)
- RE: WiFi security implications dave kleiman (Dec 10)
- RE: WiFi security implications Steven A. Fletcher (Dec 09)