Quantcast

Wireless security...

H8R

Cranky Pants
Nov 10, 2004
13,959
35
So if I jump onto someone's unsecured wifi, is there some way that they can do some sort of keylogging without me knowing?

(or vice versa?)


Also, how far could they bust into a system that is using their connection?


I was just thinking that setting a wifi "trap" would seem like something a clever hacker would do.


My knowledge is limited with this stuff, but I must gain more for work here. We will be broadening our wifi coverage, adding static IP and a VPN to our new server at the beginning of the year, etc. I'm trying to think of the stupidest sh1t that a sales rep could do out in the field, and how it might affect security here.
 

binary visions

The voice of reason
Jun 13, 2002
22,092
1,132
NC
Joining someone's WiFi network is exactly the same as plugging into their LAN. All traffic and data in and out (that is not encrypted) can be monitored via the router, and any insecurity in your system that would be accessible over a LAN is accessible over the WiFi network. I'm just thinking here... also, any protection offered by the router would be negated by someone being inside the WiFi network - kinda obvious, but still something to note. That is, if there is a port vulnerability that would otherwise be filtered out by the router, you would be falling back on relying on the software firewall to block it.

Encrypted traffic (https and VPN) will still appear as a stream of encrypted traffic on the router, so there shouldn't be any security concern there - the encryption is done locally on the machine.
 

H8R

Cranky Pants
Nov 10, 2004
13,959
35
What about general key logging of non-encrypted stuff? Is that possible?
 

binary visions

The voice of reason
Jun 13, 2002
22,092
1,132
NC
It's not really "key logging" since it's not a key-by-key capture of what is getting input into the local machine. Any unencrypted data that is transmitted, though, can be captured, since you just have to set up a packet sniffer at the gateway and it'll snag everything.

Most of your concerns should be alleviated, though, if you set up a VPN and force the sales people to use it. That will set up an encrypted tunnel for all data sent and received.
 

H8R

Cranky Pants
Nov 10, 2004
13,959
35
Coolness.


We are FINALLY getting a new server box here.

This one is on it's last leg. Ancient POS. We run Quickbooks Enterprise Server and Symantic on it and it's pretty much killing the OS drive with updates and definitions.

I checked it last week. Out of 6GB (yes...6) it had 3.8 megabytes free.

:twitch:

I had to dump every non-essential program, patch, log, etc to keep it from crashing and bleeding out.
 

binary visions

The voice of reason
Jun 13, 2002
22,092
1,132
NC
If it makes you feel better, I do all the office's computer and network support with a data entry position title, and while everyone else got their week's pay of a Christmas bonus, I got the temporary-employee bonus of $50 because I'm about 4 hours/week short of full time during the school year.

I've been on strike since last Christmas, though. I do what I have time to do, dress how I feel like dressing, and don't offer up any solutions to the ridiculous inefficiencies that exist here.
 

BadDNA

hophead
Mar 31, 2006
4,257
231
Living the dream.
I've been on strike since last Christmas, though. I do what I have time to do, dress how I feel like dressing, and don't offer up any solutions to the ridiculous inefficiencies that exist here.
I did that at my last job. I'd been given more and more responsibility to the point of being the "site" IT guy (file servers, print servers, local backups, desktop support, etc.) for the company's corporate HQ (corporate systems, mail, web server etc were handled by a different group) while still holding a desktop support title and pay grade. I kept asking my boss for over 6 months for a position review, title update, list of responsibilities etc to no avail. I finally got so fed up with it I printed out the HR job description for desktop support, hung it prominently in my cubicle and flat-out refused to do anything that wasn't part of the job description. My stress level went waaaaay down, I had a lot more time outside of the office and was much happier in general. I got away with that for another six months or so before I left for my current job.