Hams Report 85-mile 802.11b File Transfers @ Oregon - management

Chuck Yerkes chuck+baylisa at snew.com
Wed Apr 14 19:40:16 PDT 2004


Quoting Alvin Oga (alvin at Mail.Linux-Consulting.com):
...
> > It significantly raises the possibility that the user in question will
> > keep the password written down somewhere, or that management will decree
> > that Easier Passwords Shall Be Used(TM).
> 
> 99% chance that the managers will make the passwd the name of 
> their dog or spouse or the same as their atm pin#
> 
> and 99% chance that the passwd will be written down somewhere as JC said

Again, do you have citations for this information or are you
just pulling numbers out of your ass based on your beliefs
and prejudices based on narrow experience?

> > 1)  Deploy all wireless access points outside your edge, with standard
> >     precautions taken (MAC ACLs, high-entropy password, non-default
> >     SSID, no 802.11b/g/whathaveyou broadcast frames enabled, etc.)
> i'd add gw info into that list ... since mac addresses can be modified

which is moot when it's as part of a continuing, authenticated protocol.
ssh doesn't take well to another machine hopping in as one end suddenly.

> if you're allowing vpn from people's home network that is allowed
> to vpn into the secure network, the home network will be the weakest link
> 	- too many vpn problems and what gain does the company get
> 	for the extra risk ? ( just as bad as wireless problems, imho )
> 
> 	and worst, the corp admin has zero control of the home network
> 	which can log into the secure corp network 

Right, and that shouldn't be a problem or an issue.  PRESUME that
the desktop (in work, at home) is compromised.  Now work from that.

SecureIDs (or similar) and encrypted connections are a big part.
But this becomes a rerun doesn't it?
