2/6 Here's a security question. I think my network guy is insane. We
have a WiFi connection at work which is set to only allow certain MAC
addresses, and on top of that it uses WEP. I have a laptop with WiFi
which is on our Windows domain, but does NOT have the WEP key and its
MAC is NOT allowed on our WiFi. Is there a security risk to our
network if I connect my laptop to a neighbor's open WAP?
\_ get r00ted via neighbor's r00ted box. bring that shit
back to work, connect (wireless, wireless, whatever), boom.
\_ Home laptops connected to the corporate network are the most common
virus vector in our company.
\_ Why did you tell him anything about your neighbor's open WAP? And
yes, there is always a security risk moving from one network to
another. You hook up to your neighbor's dirty net, get some virus
then hook up at work and infect everything there skipping most of
the security in place which is normally designed with external
threats in mind. I'm not sure why he lets your laptop on one
internal net but not the other internal net. Have you asked him
to be able to go wireless? Maybe it isn't technical. Maybe his
department charges your department per host and yours hasn't
coughed up the cash. Ask.
\_ The neighbor is a different company. I'm not on our WiFi for
different silly reasons. I want to use the neighbor's WiFi to
test a server from an external IP. I am fully patched, using
a firewall, and not using IE. -op
\_ Yes there is a risk. Cracking WEP is not as easy as some people
make it out to be, but it is pretty easy to catch shit. We've
seen some fun trojans around which try various approaches involving
switching wireless networks. My question is: why is the laptop
on your Windows domain if you do not connect it to your local
network? If you ever connect that laptop to a fixed network
that is the same as your work's wifi, you are asking for trouble.
Your network guy is not insane. Now if the laptop lacking the
WEP key is properly secured (firewall, AV, patches, VPN, etc etc)
then it's no different from connecting via, say, a hotel
network and you should be fine. -John