[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

Explaination of secure access with SSL and VPN

So let's say you are at an airport, no encryption on the wireless link, but you use a VPN client such as Cisco, or connect to web sites using SSL. Does this  mean you are secure?/ And you can disregard the WEP or WAP security from the wifi device?  If someone is sniffing, is it all encrypted?
0
shankshank
Asked:
shankshank
3 Solutions
 
mahe2000Commented:
it is secure if you are using ssl or ipsec (vpn) the traffic is encrypted and nobody can see it (or at least it is very very very difficult (almost impossible) that somebody can decrypt it)
0
 
shankshankAuthor Commented:
and adding wep or wap into mix is another layer of higher security?
0
 
mahe2000Commented:
it is not extremely significant once you use IPSec, a little more for SSL, if you can choose use WAP and if you can add it 802.1x features.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
bsautter33Commented:
There's a wiki for this at:
http://en.wikipedia.org/wiki/Virtual_Private_Network

Think of your communications over the internet (or wifi) as cars going through a mountain tunnel. If you don't shore up the tunnel with braces, it's going to collapse and rocks will get into your tunnel. But if the tunnel is properly secured, cars going through it will be safe.

Likewise you can make a VPN connection from your laptop through most anything (wifi, internet, lan, ...), but in it's raw form, it's an unsecured tunnel. If it's not secured properly, people can get in. If you use ipsec or SSL it will protect your communications by making a hardened, resistant tunnel. No matter where it goes, or over what computer it passes, it's going to be very difficult to break.

Now WEP or WAP creates a (somewhat) secure tunnel between you and the wifi device. But once hitting the internet, your tunnel is wide open. Should you disregard WEP or WAP on wifi? Yes, if you have setup some form of encryption on your VPN, you're just making a secured tunnel within a secured tunnel. True, nothing will even get through, but it's overly redundant.
0
 
Rich RumbleSecurity SamuraiCommented:
WEP and WPA are an added bonus to SSL and or Encrypted VPN tunnel, your very safe even without WEP/WPA. If your VPN uses a split-tunnel, internet traffic, like google.com, IM, hotmail etc... will go over the wep/wpa wifi access point, and internal traffic like company exchange email, or connecting to a shared drive/printer on the corporate lan, that traffic will go over the VPN tunnel. If you connect to an SSL site on the internet, and are split tunneling your secured by SSL.
-rich
0
 
shankshankAuthor Commented:
Thanks for the input guys.

Yeah as a system admin I wanted to make sure that when I'm say in an airport and login with my domain admin user account on a open unencrypted Wifi access point, that no one could sniff what I am doing since I am browsing SSL 128bit secured sites.


Thanks again!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now