In general I think that there is an issue with wireless being on by default, because when you are plugged into the corporate LAN by Cat5, that makes your PC act like a router.
Corporate Lan------(Wired)----PC- - -(Wireless)- - -Corporate Lan
Right, to actually be a "Router" that makes sense in a literal sense. I just meant that say from outside the office they can access the pc from the wireless lan through their snort findings or something. Then after they are in my pc they could go through the hardwired lan, that is wide open, no ACLs or anything. Routing in that sense.
It seems better to always turn off the wireless if you have a cat5 lan connection as a security precaution. (Why have wireless enabled if you are hard wired? From a security standpoint there is no good reason to have both enabled.) Agreed?
Not literally, Neill. If you have one interface in one LAN and another NIC in another LAN, and your wireless side is compromised, then it can be a way into your less protected wired LAN.
This is an argument against leaving the wireless card enabled and active on a wireless network while being connected and active on a wired NIC. Best practice is to go ahead and disable the wireless in this case.
What are you trying to secure? If somebody has broken into your machine and can run arbitrary code on the machine, you've lost. If your machine is vulnerable on the wireless network, it'll (almost certainly) be vulnerable on the wired network too. It's very rare that you can assume the LAN is safe, so I don't see how turning off the wireless helps you.
This is more of the conversation that I was hoping for.
Now I agree with what you are saying. BUT, if you can have access speed of 100Mbps to your servers on a wired lan. And a wireless network for convenience, why have the wireless open from a security standpoint if you are sitting near a network drop? Thanks for the input!
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
Your wireless should *never* be left enabled when you aren't using it. Doing so puts your computer at risk, and by extension any other computers it's networked to. This is a real and serious issue in business environments for which there is no real answer other than (1) sniffing out and shutting down any active wireless or (2) treating any internal LAN as a compromised environment.
Secure computer with an active network adapter is an oxymoron. Even WPA-PSK is vulnerable to attack (as described below), not to mention the ever-present danger of exploits due to software errors.
There's simply no way to ensure that all wireless adapters are truly secure. Thinking otherwise (with all due respect, no offense intended) is naive.
----------------------------------------------------------------------------
Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz, Senior Technical Director, ICSA Labs, a division of TruSecure Corp

... The offline PSK dictionary attack ... Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks. ...

Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large number for human entry; 20 character passphrases are considered too long for entry. Given the nature of the attack against the 4-Way Handshake, a PSK with only 128 bits of security is really sufficient, and in fact against current brute-strength attacks, 96 bits SHOULD be adequate. This is still larger than a large passphrase ... ...

Summary

... Pre-Shared Keying is provided in the standard to simplify deployments in small, low risk, networks. The risk of using PSKs against internal attacks is almost as bad as WEP. The risk of using passphrase based PSKs against external attacks is greater than using WEP. Thus the only value PSK has is if only truly random keys are used, or for deploy testing of basic WPA or 802.11i functions. PSK should ONLY be used if this is fully understood by the deployers.
See also: Passphrase Flaw Exposed in WPA Wireless Security
Wi-Fi Protected Access. Security in pre-shared key mode
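Added example, not part of the quoted article or of any poster's message: a Python sketch of the article's recommendation, generating a truly random 256-bit (64 hexadecimal) PSK and checking how long a randomly generated passphrase must be to reach the 96-bit and 128-bit levels it mentions. The function names are illustrative, the passphrase mapping shown is the standard 802.11i one (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and the bit counts assume every character is chosen uniformly at random, which user-chosen passphrases are not.

```python
import hashlib
import math
import secrets


def random_psk_hex() -> str:
    """Return a 256-bit PSK as 64 hex characters from the OS CSPRNG."""
    return secrets.token_hex(32)


def passphrase_to_psk(passphrase: str, ssid: str) -> str:
    """Map a passphrase to the 256-bit PSK the way WPA does.

    The only inputs are the passphrase and the SSID, so the resulting
    key is never stronger than the passphrase itself.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def random_passphrase_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy; valid only for uniformly random characters."""
    return length * math.log2(alphabet_size)


def min_random_length(target_bits: int, alphabet_size: int) -> int:
    """Shortest random passphrase over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def rate(length: int, alphabet_size: int) -> str:
    """Compare a random passphrase against the article's 96/128-bit levels."""
    bits = random_passphrase_bits(length, alphabet_size)
    if bits >= 128:
        return "meets 128-bit level"
    if bits >= 96:
        return "meets 96-bit level"
    return "below 96-bit level"


if __name__ == "__main__":
    print("random PSK:", random_psk_hex())
    for name, size in (("lowercase", 26), ("hex", 16), ("printable", 94)):
        print(name, "chars needed for 96 / 128 bits:",
              min_random_length(96, size), "/", min_random_length(128, size))
    print("8 random lowercase chars:", rate(8, 26))
```

Even a fully random 8-character lowercase passphrase carries under 38 bits, and a passphrase a person picks carries less.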
I think neither of you has any clue what you're talking about. The military has zillions of wireless systems, but I suspect very few of them are running 802.11b/g.
Mark McIntyre
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.