Jump to content

Security


jdogherman
 Share

Recommended Posts

with all this concern about security it amazes me that we dont have encryption on the management ssid NOR SSL on the web traffic..

Out of the box I guess you could do an shell connection with port forwarding.

So the moral of the story is think carefully about changing the root password to something that is familiar to you as it is transmitted in clear text.

Link to comment
Share on other sites

Future security solutions...

  • limit http and ssh access to certain hosts
  • add encryption to a new management ssid
  • enable ssh & http to only eth0 interface
  • enable SSL on http access / https
  • only permit management though ssh access (restrict http access to all but lo)
  • build web user access who is not root
  • disable root access, make user escalate for SU rights

Just brainstorming ideas

Link to comment
Share on other sites

the problem i see is what happens when you are using this hacker tool near other hackers?

The intended use for the Pineapple is penetration testing though, so it should be unlikely.

BUT non the less, some of these features will be added in the next bigger version.

Best,

Sebkinne

Link to comment
Share on other sites

  • 2 months later...

The intended use for the Pineapple is penetration testing though, so it should be unlikely.

Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release.

Edited by farfel
Link to comment
Share on other sites

Our use of Pineapple is not for pen testing, troubleshooting networks or hacking; we'd just as soon see those features able to be hidden. I'm glad to see that some of the suggestions made will be in the next release.

Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for??? :huh:

Link to comment
Share on other sites

Not to sound too much like an ass, but if you're not using the Pineapple for pen testing, troubleshooting networks, or hacking, what are you using it for??? :huh:

The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.

Link to comment
Share on other sites

The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.

It will be as it gives you a lot of ways to handle exactly that. To secure it, I will be adding encrypted fs, https and so on.

Best Regards,

Sebkinne

Link to comment
Share on other sites

The Pineapple is to be located at conferences, seminar rooms etc. All Wi-Fi connections to the Pineapple are directed to its internal webserver. The web content is attendee materials such as speakers' papers and event schedules. We've done this with other hardware but are checking out whether Pineapple is good for this purpose.

Cool!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...