[unisog] VPN Protection of Wireless Networks

Gary Flynn flynngn at jmu.edu
Thu Dec 13 21:45:25 GMT 2001


"Jose A. Dominguez" wrote:
> 
> On Thu, 13 Dec 2001, Gary Flynn wrote:
> 
> > In October I asked about vendor lockins on various security options
> > for wireless networks.  VPN protection was mentioned quite often.
> > From my reading, effective VPN protection would require each individual
> > user to have a unique key or digital certificate. Are people actually
> > doing that? If so, how are you handling the administration of handing
> > out and revoking keys and certificates? What, if anything, is done to
> > educate the end user of the importance of keeping them secret?
> 
> Having certificates would be nice but it's not a requirement. You can do
> that with RADIUS and standard username/password pairs. It'll all depend
> on what tunnel termination device you use.

If a shared key is used to connect to the VPN concentrator before
authentication, doesn't this leave the subsequent authentication
credentials up for grabs in a MIM attack from anyone else with
the shared key?

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe