Repository : ssh://git@diktynna/doc
On branches: backup-redmine,main
>---------------------------------------------------------------
commit b380c08ecc0ac0be627495c51d2aa2199f1752f1
Author: Linus Lüssing <linus.luessing(a)c0d3.blue>
Date: Mon Jul 8 12:53:59 2024 +0000
doc: open-mesh/OpenHarbors
>---------------------------------------------------------------
b380c08ecc0ac0be627495c51d2aa2199f1752f1
open-mesh/OpenHarbors.textile | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/open-mesh/OpenHarbors.textile b/open-mesh/OpenHarbors.textile
index d119eabb..1bcaf4cc 100644
--- a/open-mesh/OpenHarbors.textile
+++ b/open-mesh/OpenHarbors.textile
@@ -72,8 +72,31 @@ Or in other words, move the 802.1x authenticator from the AP to a remote host of
h2. Scenario B) Hospital/University/Company/...
+!university-server-room-scenario-traditional.png!
-h3. (Additional) Use-cases & Benefits
+* An exposed AP, visible/reachable by visitors
+* A server with sensitive data
+* Authorized employees/students/... accessing the server via WPA Enterprise from their laptop
+
+h3. Issue
+
+# Via easy social engineering (e.g. putting on the right cloths, suitcase, a ladder):
+** can get physical access to the AP
+# Can then copy the AP's flash and extract RADIUS credentials
+# Can then replace with a rogue Man-in-the-Middle AP or install a backdoor
+** If no extra encryption/authentication is used between AP<->server then can also simply add a snooping device between AP and wire
+# Now has access to sensitive data in the locked server room
+
+h3. Solution
+
+!university-server-room-scenario-tunneled.png!
+
+# Like in scenario A), move the authenticator from the AP into the server room
+# Client device will have encrypted communication into the server room, AP + wire becomes part of the untrusted medium
+# No potential to Man-in-the-Middle from outside the server room
+# Attacker now *needs a physical key* to the server room to get the sensitive data
+
+h2. (Additional) Use-cases & Benefits
This proposed, dynamic solution yields the following, additional interesting opportunities:
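Review bot: The "Solution" list overstates the guarantee in "No potential to Man-in-the-Middle from outside the server room" and "Attacker now *needs a physical key*": moving the authenticator off the AP stops the attacker from extracting the RADIUS secret and reading the keys it protects, but a rogue AP on the same SSID can still harvest WPA Enterprise credentials from any supplicant that does not validate the authentication server's certificate, so the list should add that clients must be configured to verify the server certificate (and CA) for the claim to hold. In the "Issue" list, "If no extra encryption/authentication is used between AP<->server" is vague: plain RADIUS over UDP only obfuscates selected attributes with the shared secret that step 2 already extracted, so name what "extra" means here (e.g. RadSec/TLS or IPsec between AP and server), otherwise the reader may assume the shared secret alone protects the wire. Also fix the typo "cloths" -> "clothes" in "putting on the right cloths".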