Security Question (Wireless)

In general I think that there is an issue with wireless being on by
default. Because when you are plugged into the corporate LAN by Cat5,
that makes your PC act like a router.

Corporate Lan------(Wired)----PC- - -(Wireless)- - -Corparate Lan

Any agreement, disagreement?

Thanks people for your ideas on this!

fishcca <(E-Mail Removed)> wrote:

> In general I think that there is an issue with wireless being on by
> default. Because when you are plugged into the corporate LAN by Cat5,
> that makes your PC act like a router.
>
> Corporate Lan------(Wired)----PC- - -(Wireless)- - -Corparate Lan
>
> Any agreement, disagreement?

Which operating system makes your PC "act like a router" by default?

> When you are plugged into the corporate LAN by Cat5, that makes your
> PC act like a router.

> Corporate Lan____PC----Corporate Lan

Two criteria must be met for the PC to function as a router.

* IP routing must be enabled on the PC.
* Some computer or router must be configured to use the PC as a gateway.

For the PC to route between interfaces, the connected segments of the
Corporate LAN must be logically discrete.

On Thu, 09 Feb 2006 18:46:40 -0600, Dom <(E-Mail Removed)>
wrote:

>> When you are plugged into the corporate LAN by Cat5, that makes your
>> PC act like a router.
>> Corporate Lan____PC----Corporate Lan

>Two criteria must be met for the PC to function as a router.
>
>* IP routing must be enabled on the PC.
>* Some computer or router must be configured to use the PC as a gateway.
>
>For the PC to route between interfaces, the connected segments of the
>Corporate LAN must be logically discrete.

Discretion is advised. I dunno about logical discretion.

How to enable IP routing in W2K and XP:
http://www.windowsnetworking.com/art.../w2kprout.html
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

Right, to actually be a "Router" that makes sense in a literal sense. I
just meant that say from outside the office they can access the pc from
the wireless lan through their snort findings or something. Then after
they are in my pc they could go through the hardwired lan, that is wide
open, no ACLs or anything. Routing in that sense.

It seems better to always turn off the wireless if you have a cat5 lan
connection as a security precaution ,(Why have wireless enabled if you
are hard wired, from a security standpoint their is no good reason to
have both enabled) Agreed?

Not literally Neill. If you have one interface and in one LAN and
another nic in another LAN, and your wireless side is compromised then
it can be a way into your less protected wired LAN.

This is an argument against leaving the wireless card enabled and
active on a wireless network; while being connected and active on a
wired nic. Best practice to go ahead and disable the wireless in this
case.

> are hard wired, from a security standpoint their is no good reason to
> have both enabled) Agreed?

From a security standpoint, secure the wireless connection (on the
laptop)!

It is David.

"David Taylor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) d.com...
> > are hard wired, from a security standpoint their is no good reason to
> > have both enabled) Agreed?
>
> From a security standpoint, secure the wireless connection (on the
> laptop)!

I don't think there is any standard way to do that.
You can encrypt it (with very weak and horribly broken crypto) but you can't
secure it.

Alun Harford

"fishcca" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Right, to actually be a "Router" that makes sense in a literal sense. I
> just meant that say from outside the office they can access the pc from
> the wireless lan through their snort findings or something. Then after
> they are in my pc they could go through the hardwired lan, that is wide
> open, no ACLs or anything. Routing in that sense.
>
> It seems better to always turn off the wireless if you have a cat5 lan
> connection as a security precaution ,(Why have wireless enabled if you
> are hard wired, from a security standpoint their is no good reason to
> have both enabled) Agreed?

What are you trying to secure?
If somebody has broken into your machine and can run arbitary code on the
machine, you've lost. If your machine is vulnerable on the wireless network,
it'll (almost certainly) be vulnerable on the wired network too.
It's very rare that you can assume the LAN is safe, so I don't see how
turning off the wireless helps you.

Alun Harford