Solved

Explaination of secure access with SSL and VPN

Posted on 2006-10-26
6
297 Views
Last Modified: 2010-04-11
So let's say you are at an airport, no encryption on the wireless link, but you use a VPN client such as Cisco, or connect to web sites using SSL. Does this  mean you are secure?/ And you can disregard the WEP or WAP security from the wifi device?  If someone is sniffing, is it all encrypted?
0
Comment
Question by:shankshank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 100 total points
ID: 17813938
it is secure if you are using ssl or ipsec (vpn) the traffic is encrypted and nobody can see it (or at least it is very very very difficult (almost impossible) that somebody can decrypt it)
0
 
LVL 5

Author Comment

by:shankshank
ID: 17813950
and adding wep or wap into mix is another layer of higher security?
0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17814279
it is not extremely significant once you use IPSec, a little more for SSL, if you can choose use WAP and if you can add it 802.1x features.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Accepted Solution

by:
bsautter33 earned 250 total points
ID: 17814732
There's a wiki for this at:
http://en.wikipedia.org/wiki/Virtual_Private_Network

Think of your communications over the internet (or wifi) as cars going through a mountain tunnel. If you don't shore up the tunnel with braces, it's going to collapse and rocks will get into your tunnel. But if the tunnel is properly secured, cars going through it will be safe.

Likewise you can make a VPN connection from your laptop through most anything (wifi, internet, lan, ...), but in it's raw form, it's an unsecured tunnel. If it's not secured properly, people can get in. If you use ipsec or SSL it will protect your communications by making a hardened, resistant tunnel. No matter where it goes, or over what computer it passes, it's going to be very difficult to break.

Now WEP or WAP creates a (somewhat) secure tunnel between you and the wifi device. But once hitting the internet, your tunnel is wide open. Should you disregard WEP or WAP on wifi? Yes, if you have setup some form of encryption on your VPN, you're just making a secured tunnel within a secured tunnel. True, nothing will even get through, but it's overly redundant.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 150 total points
ID: 17815977
WEP and WPA are an added bonus to SSL and or Encrypted VPN tunnel, your very safe even without WEP/WPA. If your VPN uses a split-tunnel, internet traffic, like google.com, IM, hotmail etc... will go over the wep/wpa wifi access point, and internal traffic like company exchange email, or connecting to a shared drive/printer on the corporate lan, that traffic will go over the VPN tunnel. If you connect to an SSL site on the internet, and are split tunneling your secured by SSL.
-rich
0
 
LVL 5

Author Comment

by:shankshank
ID: 17889438
Thanks for the input guys.

Yeah as a system admin I wanted to make sure that when I'm say in an airport and login with my domain admin user account on a open unencrypted Wifi access point, that no one could sniff what I am doing since I am browsing SSL 128bit secured sites.


Thanks again!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question