Poll: Does your place of employment provide private WiFi access to the company LAN?

Nik1's Avatar
Posts: 186 | Thanked: 5 times | Joined on Feb 2007 @ Canada
#21
I work for Magna International. We ran WIFI for 2 months a year ago, and within a week someone hacked into our server and downloaded all our projects on the BMW Mini. There was a whole fuss about it; good thing students didn't take any of the heat.
__________________
http://my-symbian.com
 
iball's Avatar
Posts: 729 | Thanked: 19 times | Joined on Mar 2007
#22
Originally Posted by TA-t3 View Post
The wi-fi is outside the firewall. Then there's additional VPN to get through the firewall. Done this way, there are no security issues that aren't already an issue when providing VPN in the first place.
Exactly how my IT company does it.
I love being able to hit Nagios/Cacti from just about anywhere on the planet via the N800 through a Cisco PIX VPN.
What REALLY pisses me off is the lame-assed VPN support on Nokia's OTHER products, namely their E and N series phones. I should be able to just directly import a PCF file and not have to hand-jam everything in and recompile it as a damn SIS file!
The Blackberry Curve 8320 that my company just gave me has a Blackberry Browser that actually goes through the BES server sitting inside the private LAN at the company so I can even hit the Nagios WAP pages without having to do anything at all.

But when it comes to checking up on things or acknowledging alerts, the N800 w/VPN either tethered on Edge or on wi-fi is the way to go. Can even update my case load on our internal tracking server with it while sitting at Starbucks between jobs. My co-workers have to whip out their heavy laptops. Suckers.
__________________
Kicking Nokia in the jimmy, one marketing exec at a time.
Originally Posted by Mr. T
Well maybe Mr. T hacked the game, and made a mowhawk class? And maybe Mr. T is pretty handy with computers? Had that occurred to you Mr. Condescending Director?
 
pixelseventy2's Avatar
Posts: 357 | Thanked: 115 times | Joined on Sep 2007 @ Sunny England :)
#23
Originally Posted by zerojay View Post
And probably a nice way to get fired, too.

If they don't want it used, they shouldn't have wifi. I'm not bypassing the proxy, just working around the NIT's limitations.
 
johnkzin's Avatar
Posts: 1,878 | Thanked: 646 times | Joined on Sep 2007 @ San Jose, CA
#24
Originally Posted by Nik1 View Post
I work for Magna International. We ran WIFI for 2 months a year ago, and within a week someone hacked into our server and downloaded all our projects on the BMW Mini. There was a whole fuss about it; good thing students didn't take any of the heat.
What kind of security did your WIFI have?

1) non-visible network?
2) WIFI network is ENTIRELY non-trusted? (outside any firewalls, etc.)
3) no WEP*/Wifi-level password to connect, but directs all non-authenticated MAC addresses to an https web sign-in, and doesn't let them access any other content until they perform that action?
4) block all ports, only making exceptions for SSL-only ports/protocols (465, 993, 995, etc.), the only non-SSL only port allowed being port 80?
5) VPN add-on software for the device, if you want to get behind the firewall?

(* don't bother with WEP, it's useless)

That's basically our environment at work. Except #5 also allows ssh to be used for tunneling through the firewall. Oh, and, #1 isn't true at work (wouldn't make sense, since it's an advertised service, but for a private company you wouldn't want to advertise your intra-wifi network). #1 is true at my house, though.
 
Posts: 333 | Thanked: 32 times | Joined on Jul 2007
#25
Missing Option;

"Yes - but I don't use my 770/N800 for work related tasks, because the corp standard is Cisco for networking equipment and our wireless uses LEAP."
 
Posts: 3,401 | Thanked: 1,255 times | Joined on Nov 2005 @ London, UK
#26
Originally Posted by johnkzin View Post
1) non-visible network?

Oh, and, #1 isn't true at work (wouldn't make sense, since it's an advertised service, but for a private company you wouldn't want to advertise your intra-wifi network). #1 is true at my house, though.
Hiding the SSID as a security measure is a complete fallacy - in fact, hiding the SSID can sometimes cause problems for certain devices, and it doesn't provide any additional security. You may as well broadcast the SSID at home - anyone intending to hack your hidden network would be able to detect it as easily if it were not hidden.
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#27
True enough. In fact, I'm thinking that it could be better to expose the SSID, at least if there are other networks nearby -- it's easier for other wi-fi admins to notice your channel and select another one for themselves if they can see your network right away (depending on what tools they use). Just a thought.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
Posts: 333 | Thanked: 32 times | Joined on Jul 2007
#28
Originally Posted by TA-t3 View Post
True enough. In fact, I'm thinking that it could be better to expose the SSID, at least if there are other networks nearby -- it's easier for other wi-fi admins to notice your channel and select another one for themselves if they can see your network right away (depending on what tools they use). Just a thought.
If an "admin" doesn't know how to see all networks in the surroundings, including ones with the SSID hidden, there is little chance they know how to change the channel or the need to change it.
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#29
I wasn't really thinking of corporate admins. More like your 'admins' in the neighbourhood.. looking at home wireless router web interfaces there's usually a simple 'scan' function which shows the visible SSIDs and the channel they use. (For those that actually try to set it up, as opposed to just turn it on and never even set their SSID name..) Anyway, it was just a thought. The real point is of course that there's no real security in hidden SSIDs so you can as well leave it visible, probably for the better than worse.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.

Last edited by TA-t3; 2007-10-16 at 11:42.
 
johnkzin's Avatar
Posts: 1,878 | Thanked: 646 times | Joined on Sep 2007 @ San Jose, CA
#30
Originally Posted by Milhouse View Post
Hiding the SSID as a security measure is a complete fallacy - in fact, hiding the SSID can sometimes cause problems for certain devices, and it doesn't provide any additional security. You may as well broadcast the SSID at home - anyone intending to hack your hidden network would be able to detect it as easily if it were not hidden.
It's not about keeping out the people who know what they're doing. It's about raising the minimum bar of entrance. It's like locking the door on your car: that doesn't keep out real thieves, it keeps out neighborhood kids who are just out breaking rules. Or the little chains you can put on your home door: it doesn't keep out anyone who seriously wants in, but it sets a minimum standard for how determined the person has to be in order to get in.

Same thing. Not advertising the SSID isn't about keeping out the experts, it's about keeping out the kid who is just poking around and maybe trying to see what he can get into. (And, at home, I do use WEP, but again, just to keep out the amateurs, and because I don't have one of those MAC address based auth systems we use at work; if we had one of those (perfigo? I'm not in the network group) systems, I'd use that in lieu of WEP.) The place where I'm actually expecting to get privacy and security, on my home network, is via well protected hosts, and SSL/TLS.
 