In an apartment building wireless is available with a login provided by the
landlord. The tenant selects the connection and is prompted for a username
and password and then has Internet access. However, it appears that the
connection is not encrypted in that the user is never asked for a WPA or
other key and Windows warns about it. I'm not very familiar with this
type of managed access and wondering how secure it is. Am I correct in
thinking that this probably is unencrypted and vulnerable to sniffing or is
it possible that there might be some kind of secure tunnel established after
the logon?
Thanks.
--

"Phil A. Buster" <x@y.com> hath wroth:

>In an apartment building wireless is available with a login provided by the
>landlord. The tenant selects the connection and is prompted for a username
>and password and then has Internet access. However, it appears that the
>connection is not encrypted in that the user is never asked for a WPA or
>other key and Windows warns about it. I'm not very familiar with this
>type of managed access and wondering how secure it is. Am I correct in
>thinking that this probably is unencrypted and vulnerable to sniffing or is
>it possible that there might be some kind of secure tunnel established after
>the logon?

If your wireless client manager indicates that the connection is not
encrypted, then you are susceptible to sniffing, session hijacking,
and impersonation. Whatever you're using for a connection manager
should show the current connection status and protocols used.

However, WPA-RADIUS does not ask for an encryption key. The encyption
key is supplied by the RADIUS server. You also authenticate with the
RADIUS server using a login and password as you described. It is one
of the most secure forms of wireless connectivity. Your connection
manager should show that you're using WPA-RADIUS or WPA2-RADIUS (also
known as WPA-Enterprise) if this is the case.

Even if your sessions are not encrypted, you can setup a VPN tunnel,
to a secure server to prevent sniffing. See the FAQ at:
<http://wireless.wikia.com/wiki/Wi-Fi#VPN>
for candidates. These are designed for secure surfing at "public"
access points.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
news:aldpp313js22ar4qsndoti8q1batvubk11@4ax.com...
> "Phil A. Buster" <x@y.com> hath wroth:
>
>>In an apartment building wireless is available with a login provided by
>>the
>>landlord. The tenant selects the connection and is prompted for a
>>username
>>and password and then has Internet access. However, it appears that the
>>connection is not encrypted in that the user is never asked for a WPA or
>>other key and Windows warns about it. I'm not very familiar with this
>>type of managed access and wondering how secure it is. Am I correct in
>>thinking that this probably is unencrypted and vulnerable to sniffing or
>>is
>>it possible that there might be some kind of secure tunnel established
>>after
>>the logon?
>
> If your wireless client manager indicates that the connection is not
> encrypted, then you are susceptible to sniffing, session hijacking,
> and impersonation. Whatever you're using for a connection manager
> should show the current connection status and protocols used.
>
> However, WPA-RADIUS does not ask for an encryption key. The encyption
> key is supplied by the RADIUS server. You also authenticate with the
> RADIUS server using a login and password as you described. It is one
> of the most secure forms of wireless connectivity. Your connection
> manager should show that you're using WPA-RADIUS or WPA2-RADIUS (also
> known as WPA-Enterprise) if this is the case.
>
> Even if your sessions are not encrypted, you can setup a VPN tunnel,
> to a secure server to prevent sniffing. See the FAQ at:
> <http://wireless.wikia.com/wiki/Wi-Fi#VPN>
> for candidates. These are designed for secure surfing at "public"
> access points.
>
> --
> Jeff Liebermann jeffl@cruzio.com
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

Thanks! That's very helpful.