Options

Is this network safe?

WhiteoutWhiteout Member Posts: 248
in Off-Topic
I was working on the network at a family friends store the other day and ran into something I questioned:

They have an insecure wireless network inside their firewall that customers use. Does this pose a security threat? Seems to me this could be used as an entrance into the network, yes?

Thanks!
Never stop learning.
· Share on FacebookShare on Twitter

Comments

  • Options
    dave330idave330i Member Posts: 2,091 ■■■■■■■■■■
    If its on a separate VLAN and the firewall's setup so that wifi doesn't have LAN access, should be ok.
    2018 Certification Goals: Maybe VMware Sales Cert
    "Simplify, then add lightness" -Colin Chapman
    · Share on FacebookShare on Twitter
  • Options
    dustinmurphydustinmurphy Member Posts: 170
    I would say it depends largely upon how it's configured. There are some wireless router manufacturers that setup a "guest net" wifi connection that has it's own specific firewall rules.

    GENERALLY speaking, however... having any type of unsecured wifi connected to a network is unsafe. Not only can ANYONE get into their network and steal data... but anyone can use their internet connection for illegal purposes... possibly making them liable for damages.
    · Share on FacebookShare on Twitter
  • Options
    demonfurbiedemonfurbie Member Posts: 1,819
    Whiteout wrote: »
    I was working on the network at a family friends store the other day and ran into something I questioned:

    They have an insecure wireless network inside their firewall that customers use. Does this pose a security threat? Seems to me this could be used as an entrance into the network, yes?

    Thanks!

    it depends ...

    i have setup places that want public internet as well as work network

    what i tell them is to get a 2nd isp ( use as a backup isp ) and setup the free wifi on it, with a separate vlan just for wifi
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
    · Share on FacebookShare on Twitter
  • Options
    WebmasterWebmaster Admin Posts: 10,292 Admin
    Whiteout wrote: »
    Does this pose a security threat?
    Anything "insecure" and especially an insecure wireless network is likely to pose a security threat.
    Whiteout wrote:
    Seems to me this could be used as an entrance into the network, yes?
    Theoretically someone unauthorized yes. Especially if someone can connect to the WiFi network from outside the building, e.g. if the signal extends beyond the area where it should be used.

    Regardless, the customers themselves pose a security risk to each other if they connect to the same insecure WiFi network. Someone might pretend to be a customer and run a sniffer after connecting to the network, perform man-in-the-middle attacks, rogue access points/evil twin attack, etc. A public WiFi spot should be secured nonetheless, not necessarily to authenticate users but to allow them some privacy on the WiFi network - just publish / hand out the password/key.
    LinkedIn - FaceBook
    · Share on FacebookShare on Twitter
  • Options
    WhiteoutWhiteout Member Posts: 248
    Well, they have two stores. The other store has the same setup, but their "public" WiFi is secured. The password to the WiFi is printed on the receipts when somebody buys a sandwich or something. Not not sure how often it changes, might be weekly. They plan on doing this at the new store as well.

    I am not exactly sure how their network is all set up, as all I was doing was adding a range extender to their "public" WiFi to extend the range to the dining area.

    I do know that they have a T1 line coming into the store. Then they have their router/firewall -> switch -> two wireless routers (one for public use / one for the POS system) and a server and also cat5 going to different lan drops around the office.

    I should do some more investigation, would be a fun project.

    Oh and thanks everybody for the insight.
    Never stop learning.
    · Share on FacebookShare on Twitter
  • Options
    SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    no problem, also I dont know how relevant this is, but since ive seen vlans mentioned here, I have heard of a technique called vlan hopping. I dont know how it is execurted, or how widespread it is, just something to be aware of.
    http://www.ethicalhacker.net/forums/index.php - sectestanalysis.blogspot.com
    · Share on FacebookShare on Twitter
  • Options
    TrifidwTrifidw Member Posts: 281
    SephStorm wrote: »
    no problem, also I dont know how relevant this is, but since ive seen vlans mentioned here, I have heard of a technique called vlan hopping. I dont know how it is execurted, or how widespread it is, just something to be aware of.

    It's fairly simple to protect against VLAN hopping.


    For reference, I was looking at setting up a guest network at work which would be an open network but the traffic would get securely delivered into a DMZ with no access back into the main work network.
    · Share on FacebookShare on Twitter
  • Options
    dustinmurphydustinmurphy Member Posts: 170
    Trifidw wrote: »
    It's fairly simple to protect against VLAN hopping.


    For reference, I was looking at setting up a guest network at work which would be an open network but the traffic would get securely delivered into a DMZ with no access back into the main work network.

    Yeah, with good equipment (i.e. not cheap home routers) it's fairly easy to protect against this. I just setup an ACL that only allowed access to the internet for our guest wireless... it wouldn't allow ANY access to our other VLAN's. :)
    · Share on FacebookShare on Twitter
Sign In or Register to comment.