[Cialug] Wired and Wireless security differences

Brandon Griffis brandongriffis at gmail.com
Tue Dec 18 10:31:06 CST 2007 

The short answer is no.

SSL uses public/private keys to encrypt/decrypt data.  There's a bit more
going on but that's the simplistic explination.  (Long Explination here:
http://en.wikipedia.org/wiki/Transport_Layer_Security ) Public keys are the
only then ever transmitted.  So in the example of a newegg.com purchase, a
man in the middle would be able to sniff your public key and newegg's public
key but that wouldn't do them any good as you can't decrypt with the public
key.

Wireless, arguably, might add 1 more avenue for someone to sniff traffic but
it still doesn't make you any less safe when using SSL, because they would
still only have access to your public key.  Esp considering that only a few
people might be in close enough proximity to pick up your wireless signal,
but there are more than likely hundreds on your network node if you're
connected via cable that could sniff the traffic and never even have to
waste the 2-5 minutes to crack your wep key.

Wireless is less secure in that people can gain access to your internal
network without having to have physical access to your internal network
which exposes your computers without a hardware firewall, but that's a whole
other security topic (trojans, worms, keyloggers, bruteforce, overflow...).

-B

On Dec 17, 2007 3:15 PM, Nathan C. Smith <nathan.smith at ipmvs.com> wrote:

>
> Today somebody challenged my (perhaps falsely held) belief that an SSL
> transaction over wireless was equivalent to SSL over wired.  Is there an
> appreciable difference between the two?
>
> What if WEP or WAP is involved?  Has anybody here actually cracked their
> own
> WEP or WAP just to see what is involved?  I had been thinking of it as a
> bicycle lock, but perhaps it is even less?  Are any of the workplace
> wireless products like from Cisco etc. now using VPNs or more advanced
> encryption to encrypt wireless communications further than WAP?
>
> -Nate
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20071218/3bb58013/attachment.html

More information about the Cialug mailing list