Results 1 to 7 of 7

Thread: Wireless Security

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3

    Default Wireless Security

    hi, im a student at AUS uni, they racently sent us an email about wireless security and they told us we should follow these steps here hxxp://itdfaq.aus.edu/faq/index.php?action=artikel&cat=5&id=19&artlang=en (please change the xx to tt)
    I want to know if i connect to this network, will my data and packets be encrypted? and will this network be secured from sniffing attackes and other stuff?........thanx

  2. #2
    Junior Member imported_Timmay's Avatar
    Join Date
    Sep 2008
    Posts
    30

    Default

    Your schools IT Dept should be able to answer these - and any other questions. Be prepared for them to ask you why.

    This is their link:

    http://www.aus.edu/ausdir/searchdept...ogy+Department
    "If you dont have the cash to purchase a working card then HOW in the world are you gonna take over the planet." - pureh@te

  3. #3
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    Hmm, I think he was looking for a technical perspective from someone other than the school.

    I think PEAP is one of the most secure methods of wireless security at this time. We usually recommend PEAP to any site we perform a wireless security assessment on. There are some new attack vectors against PEAP, namely network impersonation attacks that you can read up on:
    http://www.sans.edu/resources/securi...security_1.php

    Search the forums for posts related to karmetasploit for whats in the works.

    William

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by williamc View Post
    Hmm, I think he was looking for a technical perspective from someone other than the school.

    I think PEAP is one of the most secure methods of wireless security at this time. We usually recommend PEAP to any site we perform a wireless security assessment on. There are some new attack vectors against PEAP, namely network impersonation attacks that you can read up on:
    http://www.sans.edu/resources/securi...security_1.php

    Search the forums for posts related to karmetasploit for whats in the works.

    William
    Is it wise for the school to make their certificate so widely available? Couldn't that contribute to the ease of a MiTM attack?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Junior Member imported_Timmay's Avatar
    Join Date
    Sep 2008
    Posts
    30

    Default

    Quote Originally Posted by williamc View Post
    Hmm, I think he was looking for a technical perspective from someone other than the school.
    I have no doubt that is the case. In my not so humble opinion - If you can't ask your IT Dept, or Network Admin a direct question about encrypted packets going over the network - then you might not want to do whatever activity requires those packets to be sent.
    "If you dont have the cash to purchase a working card then HOW in the world are you gonna take over the planet." - pureh@te

  6. #6
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    Quote Originally Posted by streaker69 View Post
    Is it wise for the school to make their certificate so widely available? Couldn't that contribute to the ease of a MiTM attack?
    Wow! I completely overlooked that! They provide the certificate to connect to their network allowing you to passively sniff traffic (kismet). You could probably get some user names and passwords similar to the LEAP vulnerability.

    I think this furthers my argument that the poster shouldn't rely on his IT department for security advise.

    William

  7. #7
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3

    Default

    so from you guys i can understand it's not full secured and it can be under sniffing attackes
    i tried once to ask IT dep. but those people who are setting on the Help Desk they don't know what they are talking about i mean they didn't give me the direct and complete answer so i was confused that's why i asked you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •