WIFI rules / sniffing

I am not an expert on wireless, but is there any concern about allowing your staff to connect corporate laptops/handhelds to public access points and accessing remote services like VPN, Citrix, Corporate Webmail etc – all of which will require authentication via domain credentials (username/password)? When I say public access points I mean stuff like if they took their corporate laptop to the shopping mall or airport, which often have free Wi-Fi. Are these networks secure to browse corporate services? If not, how can your traffic be intercepted (can other users connected to the access point use sniffers to obtain your passwords, or is that not possible and the keylogger/sniffer would need to be on the AP itself)?
pma111 asked:

Fred Marshall (Principal) commented:
It's a valid concern and good that you ask.
Check with the service provider about login security measures.
The login exchange with such services should be encrypted to mitigate this concern.
Likely the login is via https.
For example, go to Citrix' www.fastsupport.com and see that the login page that opens is https and not just http.

Look up https on Wikipedia.

This is unlikely the biggest worry though:
The computers in question are going to be on an open network - at least you have to assume that's the case.  So you will want to have an effective firewall running on that computer to thwart attempts to hack into the computer itself.
Here's a page I found at random on this topic:
http://news.cnet.com/8301-13554_3-9941355-33.html

On a related topic:
The best security comes with long, complicated, random passwords - to prevent decryption in our lifetime.  So, "johnsmith" is *not* such a good password/passphrase as it can be decrypted in a short amount of time - if one can get access to the login page and depending on how the login behaves: i.e. is it slow or fast?  Does it lock out after a number of unsuccessful tries? etc.

And, passwords must be kept secure themselves - or it won't matter *how* long they are!  So, commit them to memory, hide your keyboard when typing them in, etc.  Of course, the better they are the less likely you can commit them to memory.  Change them often - is often recommended.  It assumes that the passwords can and will be compromised at some point.  Just like changing the locks in your home or building.

Consider this:

The English alphabet has 26 lower case characters and 26 upper case letters.  
- A password of 6 lower case characters has 309 million combinations.   And, of those combinations, easy to remember *words* are easier to determine than random sequences.
- A password of 8 lower case characters has 208 billion combinations.  
- A password of 8 upper and lower case characters plus 10 numerals has 218 trillion combinations.  
- A password of 12 upper and lower case characters plus 10 numerals has 3.2 X 10^21 (3 billion trillion) combinations.  
So, a compromise is to have a password that is made up of letter sequences that mean something to you but look like nonsense to others.  Use upper and lower case liberally in no "normal" way.  Add some numerals.

This is why logins require things like: "a minimum of 8 characters, at least one numeral, at least one upper case, etc."

Let's say that you live in Portland but your secret lover lives in Seattle.  Seattle airport is SEA.
You met on May 3rd in Las Vegas whose airport code is LAS.  You had steak for dinner.  Not too hard to remember, eh?  So a "reasonable" password might be based on the sentence: "I met Ms. "Seattle" on May 3rd in Las Vegas and we had steak for dinner."

sEa0503LaSsTeaK

That's 15 characters with 7.7 X 10^26 combinations - diminished by the fact that there is a real word and some real 3-character "symbols".  Of course, the length and placement of these things are unknown so it's still tough to brute-force determine.  All you really have to remember is the upper/lower case sequence.  You'll find that it's easy to remember the sequence after using the password a few times.
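
Added example (not part of the answer above): a Python sketch that reproduces the combination counts quoted in the answer, shows how a lockout policy changes the time needed to try them all, and estimates how far the count for `sEa0503LaSsTeaK` drops once its pattern is known. The lockout policy, the guess rates and the 10,000-word list size are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size, length):
    """Count of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length

def lockout_rate(attempts, window_seconds):
    """Online guesses per second permitted by an account-lockout policy."""
    return attempts / window_seconds

def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def structured_space(token_counts, cased_letters):
    """Candidates left once the password's pattern is known: the product of
    each token's candidate count, times 2 per letter for arbitrary casing."""
    return math.prod(token_counts) * 2 ** cased_letters

# Pattern of the answer's example: airport code, MMDD date, airport code, word.
# ASSUMPTIONS: at most 26**3 three-letter codes, 366 dates, 10,000-word list.
EXAMPLE_TOKENS = [26 ** 3, 366, 26 ** 3, 10_000]
EXAMPLE_LETTERS = 11  # sEa + LaS + sTeaK

# ASSUMED rates: lockout of 5 tries per 15 minutes vs. 1e9 guesses/s offline.
RATES = {"online, 5 tries / 15 min": lockout_rate(5, 900),
         "offline, 1e9 guesses/s": 1e9}

if __name__ == "__main__":
    spaces = {
        "6 lower case": keyspace(26, 6),
        "8 lower case": keyspace(26, 8),
        "8 mixed case + digits": keyspace(62, 8),
        "12 mixed case + digits": keyspace(62, 12),
        "15 mixed case + digits": keyspace(62, 15),
        "15 chars, pattern known": structured_space(EXAMPLE_TOKENS,
                                                    EXAMPLE_LETTERS),
    }
    for label, space in spaces.items():
        for rate_label, rate in RATES.items():
            print(f"{label:26} {space:9.2e}  {rate_label:26} "
                  f"{years_to_exhaust(space, rate):9.2e} years")
```
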
