Wifi Security

Joel Jaeggli joelja at darkwing.uoregon.edu
Mon Nov 21 22:29:50 UTC 2005


On Mon, 21 Nov 2005, Stephen J. Wilcox wrote:

<snip>
>
>> What do you learn by looking at someone's ipsec, ssl-wrappered, or ssh
>> tunneled traffic?
>
> no, we're not trying to do that, you don't really think that because it's
> encrypted it can't be decrypted do you?

I do believe (reasonably so, I think) that if I'm going to have a
conversation with a second party whom I already trust, that a third party
will have trouble inserting themselves into the path of that conversation
without revealing their presence.

<snip>

> you don't have to break the code if the endpoints trust sessions with you and
> share their encryption keys

Successfully inserting yourself in the middle requires some
social-engineering or really bad protocol design. The former can be
mitigated through vigilance, the latter falls into the realm of peer review
and security research.

If I may paraphrase the original poster's question (Ross Hosman), it was:

Do large wireless buildouts present a new security threat due to the
potential to spoof APs?

The answer to that is no, this is a threat we live with currently. We have 
tools to mitigate the risks associated with it.

You can say that consumers are stupid, and won't figure this out, and that
may be true; however when it starts to cost them lots of money, they will
sit up, take notice and buy tools to solve this problem for them, just like
they do with any other security threat that goes beyond being an annoyance.
Probably said product will be blue, say Linksys on it, and have the word
VPN (among others) buried on the packaging someplace.

> Steve
>

-- 
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja at darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2



