Forum

adaptive mobile firewall

6 posts by 4 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: April 23, 2005:
  • By PhilM
    Reply

    Check this out.. http://www.smallbusinesscomputing.com/buyersguide/article.php/3461021

    Good tool!? I wish there was a good why to protect clients on like Hotspots!

    Phil

  • By Saint
    Reply

    Hi all,
    Yes, something like this or a VPN client would be good as people don't like to be much bothered about security. Everyone knows that "hotspots" are not the most secure locations but still you'll be surprised at the number of people who use these facilities at airports etc.
    just my .02 cents
    Niloufer Tamboly, CISSP

  • By LongWorm
    Reply

    Firewalls should really be a requirement for every wireless scenario including public-wi, home wi-fi and Corporate Wireless LAN. There are really three main areas where a mobile wireless machine is vulnerable:

    - Malware/Viruses: Ensure AV and Spyware are always running and up-to-date. Ensure the machine is up-to-date with patches and hotfixes and is configured properly from a security perspective. Personal firewall with IDS/IPS capability, such as Zone, Cisco or RSDP/BlackICE will help protect against zero day attacks. In addition, the personal firewall should have the ability to automatically switch between firewall/IDS/IPS policies based upon their location; i.e., corporate LAN vs. public wi-fi location. That way, they have maximum protection in public and have the necessary ports open when they're on the corporate LAN to properly utilize LAN resources, be managed, etc.

    - Sniffing of Credentials or Data: Enforcing the use of VPN without split tunneling and disconnecting the remote user if the VPN tunnel is disabled will ensure all data leaving the machine is encrypted (There really aren't any Wi-Fi security standards for public wi-fi - it's not like everyone could use the same WEP keys, what would be the point and not every user will have EAP, etc. configured or even know how do do it ). In addition, corporations should be using an enterprise-grade and aggregated public wi-fi solution, where credential security is enforced at each location (such as always using SSL to pass credentials from the wireless laptop to the AP) and meets their minimum requirements for encryption, while validating the authenticity of the public Access Point.

    - Direct Attack: Again, fully patched, personal firewall, AV and VPN protect against this.

    I actually do presentations at computer conferences where I hack into a system in a simulated public wi-fi environment. Without the aformentioned security apps, policies and enforcement, complete control of the remote system can be had in less than two minutes...and that includes stealing all usernames and passwords, shutting-off AV, putting a trojan horse on the system, etc.

    Just my thoughts,

  • By (Deleted User)
    Reply

    Longworm
    You are correct. I believe a firewall saves you headaches in the long run. I have the Windows XP firewall and TinyPersonal Firewall going. XP leaks, TinyPersonal Firewall doesn't.

    http://www.grc.com/lt/scoreboard.htm Test it for yourself.

  • By PhilM
    Reply

    Thanks guys!

    I think there could be a way to get at least WEP used at hotspots. Even if the AP's just except any WEP keys. That way the link would be encripted. Like a "except all WEP".

    I have tried to use airsnort on my network at home to see how easy/hard it would be to brake. It's not as easy as it might be on a network with lots of users...

    Thanks again,

    Phil

  • By (Deleted User)
    Reply

    PhilM,

    http://www.tomsnetworking.com/Sections-article111.php


    Enjoy!

Page 1 of 1
  • 1