New Zealand ADSL Mailing List


RE: Nokia mystery modem..

From: rob.edkins_at_axon.co.nz
Date: Thu, 7 Sep 2000 12:34:39 +1200
Message-ID: <42CCA0F98530D111A77900805F0D52B3024B64E4@ax-akl-exchange.axon.co.nz>

>
> > Not exactly, if it's ordinary 802.11 then it will use some
> kind of frequency
> > hopping in the 2.4 Ghz band. Either straight sequencing or random.
>
> The PDF file says:
>
> "Air interface security WEP (RC4) encryption up
> to 128-bit keys".
>
> That should make it more secure than standard Ethernet cabling, which
> isn't shielded.

I missed that bit. Cool, that takes care of the local media, but we seem to
be talking about security from two different perspectives.

You guys are worried more about physiccal security and local snooping, which
doesn't particularly concern me. As you rightly say, there are sufficient
mechanisms in place to take care of that bit, and in any case it's generally
fairly low power and short range for WLAN gear. (Like your cordless
phone...It HAS to be otherwise you get overlaps).

> > Doesn't look any better than the M10/M11 in that regard.
>
> Well, I'd like to have ACLs and stuff, but it doesn't seem to
> me that the
> M10/11 are particularly insecure. Unless of course you know
> something I
> don't?
>
>
So how exactly does your Nokia protect you from a trojan you collected via
http from a valid website quietly connecting out by itself, or being
activiated from more embedded commands on another web page?

How does it notify you if someone is chipping away at it with vulnerability
scanner?

For individual home use it's probably OK, but many people on this list and
business customers I've dealt with have indicated that they want a more
comprehensive Internet security solution than that provided by the plain old
Nokia M10/11.

Auditable security policy, better bi-directional traffic control, hardened
kernel, IPSec VPN capability, logging and alerting.....all the stuff we've
discussed here before.

Using the Wireless option on these things is like plugging your PC's
directly into the existing M10/11. Sure, you can pinhole only certain
inbound stuff to particular boxes but personally I prefer to take it through
a real firewall first.

Rob

This message is part of the NZ Broadband mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Thu Sep 7 12:35:31 2000


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:06 2006 EST