 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Tue, Nov 17, 2009 at 3:28 PM, Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org> wrote: >... > I'm looking for some reasons why this might be a bad thing, but I don't > know any technical reason not to allow this, at least when there is a > single default route. >From a security perspective, this is a potential problem. Your laptop is now a connection between two (potentially different) networks with different security profiles. In some ways, it's equivalent to the old problem of people attaching modems to their desktop computer which was connected to the corporate network. They would set up their desktop to allow remote login so they could access work files from home. Attackers would war dial people's extensions looking for open modems. Exploiting your dual interface machine would be more complicated as it would require setting up a nearby rogue wireless access point to which your laptop would connect while you had a wired connection to the corporate network. At a minimum, you should make sure that your laptop isn't set up to forward packets between the interfaces. Not doing so would allow network connections between the two different interfaces without dealing with any host based authentication on your laptop at all. Bill Bogstad
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
