"Phil A. Buster" <(E-Mail Removed)> hath wroth:
>In an apartment building wireless is available with a login provided by the
>landlord. The tenant selects the connection and is prompted for a username
>and password and then has Internet access. However, it appears that the
>connection is not encrypted in that the user is never asked for a WPA or
>other key and Windows warns about it. I'm not very familiar with this
>type of managed access and wondering how secure it is. Am I correct in
>thinking that this probably is unencrypted and vulnerable to sniffing or is
>it possible that there might be some kind of secure tunnel established after
>the logon?
If your wireless client manager indicates that the connection is not
encrypted, then you are susceptible to sniffing, session hijacking,
and impersonation. Whatever you're using for a connection manager
should show the current connection status and protocols used.
However, WPA-RADIUS does not ask for an encryption key. The encyption
key is supplied by the RADIUS server. You also authenticate with the
RADIUS server using a login and password as you described. It is one
of the most secure forms of wireless connectivity. Your connection
manager should show that you're using WPA-RADIUS or WPA2-RADIUS (also
known as WPA-Enterprise) if this is the case.
Even if your sessions are not encrypted, you can setup a VPN tunnel,
to a secure server to prevent sniffing. See the FAQ at:
<http://wireless.wikia.com/wiki/Wi-Fi#VPN>
for candidates. These are designed for secure surfing at "public"
access points.
--
Jeff Liebermann
(E-Mail Removed)
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Similar Threads
Linear Mode
