North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Joel Jaeggli
  • Date: Mon Nov 21 17:31:21 2005

On Mon, 21 Nov 2005, Stephen J. Wilcox wrote:

<snip>

What do you learn by looking at someone's ipsec, ssl-wrappered, or ssh
tunneled traffic?
no, we're not trying to do that, you dont really think that because its
encrypted it cant be decrypted do you?
I do believe (reasonably so, I think) that if I'm going have a conversation with a second party whom I already trust, that a third party will have trouble inserting themself into the path of that conversation without revealing their presence..

<snip>

you dont have to break the code if the endpoints trust sessions with you and
share their encryption keys
Successfully inserting yourself in the middle requires some social-engineering or really bad protocol design. The former can be mitigated through vigilance, the later falls into the realm of peer review and security research.

If I may paraphrase the original posters question (Ross Hosman), it was:

Do large wireless buildouts present a new security threat due to the potential to spoof AP's?

The answer to that is no, this is a threat we live with currently. We have tools to mitigate the risks associated with it.

You can say that consumers are stupid, and won't figure this out, and that may be true; however when it's starts to cost them losts money, they will sit-up take notice and buy tools to solve this problem for them, just like they do with any other security threat that goes beyond being an anoyance. probably said product will be blue, say linksys on it, and have the word vpn (among others) buried on the packaging someplace.

Steve

--
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       [email protected]
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2