[OpenWireless Tech] Securing Open Wireless

Christopher Byrd chris at riosec.com
Thu Jul 28 22:03:34 PDT 2011


On Thu, Jul 28, 2011 at 11:16 PM, Michael Blizek
<michi1 at michaelblizek.twilightparadox.com> wrote:
> These portals will need to die at some point anyway. You have said yourself
> what kind of cache poisoning attacks will become possible. Also these portals
> are annoying and make some things hard or impossible - like mobile phones
> transparently using them.

On the contrary, captive portals provide a mechanism to establish
acceptable use policies / terms of service as well as authentication
where desired. They're likely to be around until if/when 802.11u gains
widespread adoption.

This is another reason to adopt encryption at the network access
layer, to protect against those attacks.

> DHCP/DNS: Yes, this shows how deeply IP based VPNs need to be integrated into
> the operating system. But it surely is possible. You could set up a simple
> firewall which only lets the VPN client use the physical network. Linux has
> this thing called policy routing which allows you to define multiple routing
> tables.

That's the thing; they already are. Both Windows and Linux have IPSec
integrated at the base operating system level. It just doesn't matter;
there is traffic that has to go clear-text, and an attacker that has
full access at a lower layer is hard to defend against. That's the
point of encrypting the wireless connection - to add security at a
lower layer.

Christopher
