Access point and VPN


matrix111
06-02-2005, 09:42 AM
Hello,

Several people are using a wireless network at home to access the corporate network. If their AP (access point) is not secure, meaning active SSID and no password for the AP, is there a danger that a hacker accesses the corporate network? How can he do that?

Thank you,

umdivx
06-10-2005, 11:35 AM
Yes, it is dangerous because that "hacker" or "script kiddie" can hop right onto the wireless network and gain access through the computer of the user who is VPN'd into that corporate network, or, if that doesn't happen, the files on that business computer can be compromised.

Either way, you want to secure all sides of your connectivity; the best bet is to use a wired connection from the computer to the router/internet and then VPN in that way.

- Josh

matrix111
06-10-2005, 12:12 PM
How can it be dangerous?
Because the VPN is supposed to encrypt the information between 2 points. Is it just before the person logs in that it is dangerous?

Thank you,

umdivx
06-10-2005, 12:19 PM
Originally posted by matrix111
How can it be dangerous?
Because the VPN is supposed to encrypt the information between 2 points. Is it just before the person logs in that it is dangerous?

Thank you,

Nope, even though that person is logged onto the VPN, it's their internet connection, i.e. the wifi connection, that will make it insecure.

Yes, there is a secure VPN between the laptop/desktop and the corporate network, but there isn't anything securing the wireless connection from the laptop/desktop to the access point; that is the vulnerable point.

A "hacker" can get onto that unsecured wireless connection and be on the same network as the user and can easily gain access to any computer that is using the wireless connection, even if they are using a VPN.

If, when connected to the VPN, a "hacker" gains access to that computer over the wifi connection, the "hacker" also has access to anything on the other side of the VPN as well.

- Josh

matrix111
06-10-2005, 01:00 PM
Is the VPN putting security between the laptop and the corporate site, or only from the access point to the corporate site (leaving no security between the laptop and the AP)?

Thanks

matrix111
06-10-2005, 01:03 PM
Do you know where I can read more about that (books or web sites)?

umdivx
06-10-2005, 01:56 PM
Originally posted by matrix111
Is the VPN putting security between the laptop and the corporate site, or only from the access point to the corporate site (leaving no security between the laptop and the AP)?

Thanks

A VPN is effectively a separate network connection between the laptop and the corp network, but there is still the main network connection you have to worry about first, which is the wireless one.

In a wired network you have security by just having it be a wired network.

In a wireless network you have to enable some form of security, whether it be:

MAC address filtering
WEP
WPA-PSK
WPA-EAP
WPA2-Personal
WPA2-Enterprise

If someone has a wireless packet sniffer they won't be able to see what you're doing on the VPN connection, but if they make a connection to the AP itself they are now connected to the same network that your laptop is on; they can then make a direct connection from their laptop to yours, and that is where the vulnerability lies.

http://forums.wi-fiplanet.com/showthread.php?threadid=4851&goto=newpost

That is a good start to learning the basics of wireless security, but really it's just a matter of configuring the AP.

But basically what you want to do is:

1.) Disable SSID broadcasting
2.) Turn the power down on the AP so that it only covers the needed areas, so it doesn't bleed outside of your home
3.) Turn MAC address filtering on (it basically creates a list of the MAC addresses of all the equipment you want to have using the wireless)
4.) Enable WPA-PSK (don't use WEP, it's outdated and is no longer secure)


With those 4 settings you should be as secure as you could ever hope to be in a home wireless network setup.

- Josh
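
The direct laptop-to-laptop connection described in the post above depends on which services the VPN-connected laptop exposes on its wireless side. As an added example (not part of the original thread), this Python code parses `ss -tlnH` output and lists the listeners another client on the same WLAN could reach; the sample output, both IP addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output from a VPN-connected laptop.
# Assumed addresses: 192.168.1.23 = Wi-Fi interface, 10.8.0.6 = VPN tunnel.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 192.168.1.23:5900 0.0.0.0:*
LISTEN 0 128 10.8.0.6:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:25 [::]:*
"""


def split_local(field):
    """Split ss's 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def wlan_exposed(ss_output, wlan_ip):
    """Return (host, port) listeners bound to the Wi-Fi address or a wildcard."""
    wlan = ipaddress.ip_address(wlan_ip)
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if host == "*":  # ss prints '*' for a dual-stack wildcard bind
            exposed.append((host, port))
            continue
        addr = ipaddress.ip_address(host)
        # Wildcard binds (0.0.0.0, ::) and binds to the Wi-Fi address face
        # the WLAN; binds to other addresses (loopback, VPN) are not counted.
        if addr.is_unspecified or addr == wlan:
            exposed.append((host, port))
    return sorted(exposed, key=lambda e: e[1])


if __name__ == "__main__":
    for host, port in wlan_exposed(SAMPLE_SS, "192.168.1.23"):
        print(f"reachable from WLAN: {host}:{port}")
```

On a real laptop, feed the function the output of `ss -tlnH` and the address assigned to the wireless interface; anything it lists should either be closed or blocked by the host firewall on that interface.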

matrix111
06-10-2005, 02:18 PM
Thanks, it is very useful.

sniper
07-13-2005, 11:53 AM
Hey Matrix,

According to me, the VPN connection cannot be established by the hacker after intruding into your wireless network, i.e. he won't be able to tunnel into the concentrator or VPN termination point at the corporate side. However, basic internet/network connectivity should be there for him to access your network but not the corporate side, as it should be seeing this connection as an intrusion and not from a VPN client, so the corporate side is safe. So get those security settings on to protect your side of the network now, as umdivx has said.

BobY777
07-17-2005, 07:53 PM
Hi Josh:

You said: "...they then can make a direct connection from their laptop to yours, and that is where the vulnerability lies."

But if they have "client to client blocking" in the AP, I thought that would block the hacker from "looking" over to the other computer as you described. Not all APs have client to client blocking though.

Bob