Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wireless Encryption Methods (eg; WPA2) vs Forced Secure Proxy Redirects

From: Zaki Akhmad <zakiakhmad () gmail com>
Date: Thu, 4 Mar 2010 14:12:44 +0700
On Wed, Mar 3, 2010 at 7:19 PM, Chip Panarchy <forumanarchy () gmail com> wrote:

Hello

I have noticed recently that most cafés which offer Free WiFi do so,
not with a Wireless Encryption Method (WEP, WPA, WPA2, LEAP etc.) but
with a Forced-Proxy Redirect. (usually https with 128-bit encryption)

(I'm sure there's a better way of saying 'Forced-Proxy Redirect'...)

What are the Security implications of using the Forced-Proxy Redirect
method rather than a Wireless Encryption Method?



From users perspective it's easier for them because they don't have to

enter encryption key. Also from the provider, they don't have to say
to every user the encryption key.

just my 2 cents

-- 
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: