Security Basics mailing list archives
RE: Wireless access
From: "Dante Mercurio" <Dante () webcti com>
Date: Mon, 29 Mar 2004 08:58:33 -0500
Robert,

This is tricky. The problem is not implementation, but making management understand that an unsecured connection to the Internet may leave the company liable for what happens over it, even if they can't access your internal network.

For example, imagine a drive-by scanner gets your unsecured access point from the parking lot. He then proceeds to use your Internet connection to distribute the latest unreleased Britney Spears video. Who do you think they are going to go after? I'm no lawyer, but I do know there is a burden to prove 'Due Diligence' in protecting your network, and an unsecured wireless (even on a DMZ) may leave you open to litigation.

The solution I've used in this situation is to implement EAP authentication to a RADIUS server with the access point on the DMZ. When the client connects, they are prompted for a username and password that authenticates against the RADIUS server. Once authentication occurs, they are associated with the AP and encryption keys are distributed automatically. No need to copy huge WEP keys over, and no need to add MAC addresses to the AP. No need to touch the client, you just give them the logon info. The only drawback is that legacy clients may not work.

Good Luck,

M. Dante Mercurio
dante () webcti com
Consulting Group Manager
Continental Technologies, Inc
www.webcti.com

-----Original Message-----
From: Robert Mezzone [mailto:Robert.Mezzone () PJSolomon Com]
Sent: Friday, March 26, 2004 4:42 PM
To: security-basics () securityfocus com
Subject: RE: Wireless access

How do you handle wireless network security in a corporate environment? A couple of the people here want me to set up a wireless network so visitors can set up their laptop in a conference room, or anywhere in the office and connect to the network, internet not our internal network. I'm not too comfortable with this idea but I don't have the final say.

It sounds like I would have to leave MAC access control turned off, or obtain the user's MAC address then enter it into control list, and also provide the visitor with the SSID and the WEP password. Am I correct in this assumption? Wireless networking was supposed to make things easier in their eyes. Unless I leave everything wide open it's probably easier to plug an Ethernet cable in the PC.

-----Original Message-----
From: Peter Martin [mailto:Peter.Martin () macquarie com]
Sent: Friday, March 26, 2004 12:45 AM
To: Paul John Summers; security-basics () securityfocus com
Subject: RE: Wireless access

Most, if not all wireless access points and/or routers will have built-in MAC access control. Usually very simple - just turn it on and add the addresses you wish to allow access. The problem is, like you said, that it is very easy to spoof a MAC address and get around this security.

However, for home users, setting an SSID (and NOT something recognisable like "John Smith Home Internet Share"), turning on WEP (or WPA if the devices support it) encryption with a non-easily guessed password, and setting MAC access control; should be more than enough for a user to feel safe.

Regards,

Peter Martin
Network Engineer

-----Original Message-----
From: Paul John Summers [mailto:paul_john_summers () hotmail com]
Sent: Friday, 26 March 2004 6:27 AM
To: security-basics () securityfocus com
Subject: RE: Wireless access

An addendum to that question, do any wireless routers contain tools so that you can block all but specific hardware addresses? That is, my home wireless router would block all but my hardware address, much like hard-wired networks often require registration of hardware addresses before allowing a new system to access it. I do believe there are methods of spoofing hardware addresses but that aside, do wireless routers have capabilities for this sort of thing that a home user could easily administer to better secure their home network?

Disclaimer: I'm also a newbie so please forgive any misconceptions or false assumptions!

From: "Bruyere, Michel" <mbruyere () ezemcanada com>
To: security-basics () securityfocus com
Subject: Wireless access
Date: Thu, 25 Mar 2004 08:36:05 -0500

Hi,

I have a user who uses a wireless network at home. He just asked me (it's a director) to find a way to avoid his laptop (Toshiba tecra running XP Pro) connecting on the neighbor's router instead of his. He has a D-Link 614+, I don't know this model at all so I'm asking you guys if you know a way to restrict his laptop to only HIS router.

As you can see, I'm not very familiar with Wireless :/

Thanks for any inputs

M.Bruyere
Network/systems administrator
CompTIA A+, Network+
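Added example, not part of the original thread: a small Python check that reads hostapd-style access point settings and flags the weaknesses the messages above discuss (a shared static WEP key, MAC filtering as the only control, a fully open network), while passing an EAP/RADIUS setup of the kind Dante describes. hostapd as the AP software, the finding names, the addresses and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit hostapd-style AP settings against the points raised in the thread.
# hostapd is an assumed AP implementation; both configurations below are constructed samples.

WEP_MAC_CONFIG = """\
ssid=Visitors
wep_default_key=0
wep_key0=0123456789
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""

EAP_RADIUS_CONFIG = """\
ssid=Visitors
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=192.0.2.20
auth_server_port=1812
auth_server_shared_secret=PLACEHOLDER-shared-secret
"""

def parse(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return a sorted list of finding names for one AP configuration."""
    cfg = parse(text)
    dot1x = cfg.get("ieee8021x") == "1"          # EAP authentication enabled
    static_wep = any(k.startswith("wep_key") for k in cfg)
    findings = []
    if static_wep:
        findings.append("static-wep-key")        # one shared key handed to every visitor
    if cfg.get("macaddr_acl", "0") == "1" and not dot1x:
        findings.append("mac-acl-only")          # allow-list of MACs, which are easy to spoof
    if not dot1x and not static_wep and cfg.get("wpa", "0") == "0":
        findings.append("open-network")          # no authentication or encryption at all
    if dot1x and not cfg.get("auth_server_addr"):
        findings.append("dot1x-without-radius")  # EAP enabled but no RADIUS server configured
    return sorted(findings)
```
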