lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dufresne at (Ron DuFresne)
Subject: Cisco LEAP exploit tool...

On Wed, 14 Apr 2004, Paul Schmehl wrote:

> --On Wednesday, April 14, 2004 03:26:16 PM -0500 Ron DuFresne
> <> wrote:
> >
> > Yes, as I said, tunneled and encrypted, anything spewing into the 'air'
> > needs to be kept from someone just reaching out and grabbing your data, be
> > it wireless network traffic, wireless cameras and keyboards and mice, and
> > this includes those sweet little nanny-cams that are actually being
> > marketed as 'security monitors'.  WEP/WAP, no matter, tunnel it if it is
> > to really pass through your wired boundries.  Or just don't allow it.
> >
> The thing that concerns me is the implication that somehow the wired
> network is "secure", when in fact it's plaintext in most places.

the lan, or wired network is not more secure, but, protected, it has a
perimiter that is defended <of course defended by layers of differig
devices and application, that ole onion skin approach>.  The reason to
encrypt all traffic from a DMZ from a wireless connection to the wired
end, is to make sure that the data sucked and pushed through wireless to
wired does not make it to unwanted/warranted hands.  Make sure not only
the traffic is tunneled, but that authentication tokens are as well,
otherwise there's not need for  shadow files and all that, might as well
just created passwordless accounts.  In the wired setting there is a
definate perimiter to mount defences, In the wireless realm there just is
no perimiter to mount the defenses.

To sniff my wired network, someone needs to get a system for that purpose
on my wire, or my providers wire.  To sniff the airwaves one just needs
the proper equipment and a decent antenea.  Now even in the wired realm,
once the traffic  goes off my wire, it can be sniffed in transit, I no
longer guard it.  Thus we resort again, to an encrypted tunnel to protect
the information contained within.

WE've all seen those network drawings whence the internet and frame relays
are drawn as 'network clouds', wireless should be displayed and
thought of similiarly, if not even more doubiously


Ron DuFresne
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Powered by blists - more mailing lists