[Techtalk] opinions wanted on wireless security

Conor Daly conor.daly-linuxchix at cod.homelinux.org
Wed Jan 10 09:10:49 UTC 2007 

On Tue, Jan 09, 2007 at 06:22:22PM -0800 or so it is rumoured hereabouts, 
Carla Schroder thought:
> Now where can I find some opinions....

I've got some.  Any particular subject?... 
 
> My notion of wireless security is "everyone use WPA". It's easy and it works. 
> But some folks stubbornly cling to their antique wireless gear that only 
> supports WEP, which is beyond pitiful. Are OpenVPN or SSH tunnels sufficient 
> in these situations?

Oh, this...  

I've no experience of wireless so it's all speculation.

Presuming access out of your whole network is not directly available to
wireless clients, but rather through some vpn/ssh gateway, it should be
ok.  At that stage you're just passing packets around in the air and
anything that's not properly authenticated to the vpn/ssh stuff should
just float around without getting anywhere.  OTOH, if you were routing
wireless packets out to the 'net and only using vpn/ssh for your internal
network, you would then be at risk of your wireless network being
wardriven.  At that point, you might be at risk of liability for the
activities of somebody outside your control.

Of course, if your wireless bit is not secure, it does give an attacker
somewhere to work from in terms of port scanning and stuff.  Maybe there's
the opportunity for man-in-the-middle attacks if the attacker manages to
be the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...  Maybe there's the opportunity for man-in-the-middle attacks if
the attacker manages to be the one to whom the wireless clients attempt to
authenticate.  I don't know how possible that is...  Maybe there's the
opportunity for man-in-the-middle attacks if the attacker manages to be
the one to whom the wireless clients attempt to authenticate.  I don't
know how possible that is...  Maybe there's the opportunity for
man-in-the-middle attacks if the attacker manages to be the one to whom
the wireless clients attempt to authenticate.  I don't know how possible
that is...

Conor
-- 
Conor Daly <conor.daly at cod.homelinux.org>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/G/S/O d+(-) s:+ a+ C++(+) UL++++ US++ P>++ L+++>++++ E--- W++ !N
PS+ PE Y+ PGP? tv(-) b+++(+) G e+++(*) h-- r+++ z++++ 
------END GEEK CODE BLOCK------
http://www.geekcode.com/ http://www.ebb.org/ungeek/

More information about the Techtalk mailing list