| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: Cisco LEAP exploit tool... On Wed, 14 Apr 2004, Paul Schmehl wrote: > --On Wednesday, April 14, 2004 03:26:16 PM -0500 Ron DuFresne > <dufresne@...ternet.com> wrote: > > > > Yes, as I said, tunneled and encrypted, anything spewing into the 'air' > > needs to be kept from someone just reaching out and grabbing your data, be > > it wireless network traffic, wireless cameras and keyboards and mice, and > > this includes those sweet little nanny-cams that are actually being > > marketed as 'security monitors'. WEP/WAP, no matter, tunnel it if it is > > to really pass through your wired boundries. Or just don't allow it. > > > The thing that concerns me is the implication that somehow the wired > network is "secure", when in fact it's plaintext in most places. the lan, or wired network is not more secure, but, protected, it has a perimiter that is defended <of course defended by layers of differig devices and application, that ole onion skin approach>. The reason to encrypt all traffic from a DMZ from a wireless connection to the wired end, is to make sure that the data sucked and pushed through wireless to wired does not make it to unwanted/warranted hands. Make sure not only the traffic is tunneled, but that authentication tokens are as well, otherwise there's not need for shadow files and all that, might as well just created passwordless accounts. In the wired setting there is a definate perimiter to mount defences, In the wireless realm there just is no perimiter to mount the defenses. To sniff my wired network, someone needs to get a system for that purpose on my wire, or my providers wire. To sniff the airwaves one just needs the proper equipment and a decent antenea. Now even in the wired realm, once the traffic goes off my wire, it can be sniffed in transit, I no longer guard it. Thus we resort again, to an encrypted tunnel to protect the information contained within. WE've all seen those network drawings whence the internet and frame relays are drawn as 'network clouds', wireless should be displayed and thought of similiarly, if not even more doubiously Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists