Security Basics mailing list archives
ssh - AN Security, Authentication, and more...
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Tue, 11 May 2004 08:01:41 -0700 (PDT)
hi ya
tom jones wrote:
| Hello,
| 1. Security Controls
| What have you seen / implemented as a standard for
| wireless security? I know LEAP is out of the question
| due to the dictionary attack vulnerability. Possibly
| PEAP or some other 802.1x standard?

If you are in an environment which needs to be highly secured, you may want to use something like IPSec.
"others" http://www.linux-sec.net/Wireless/Differences/
| Authentication - I usually see authentication through
| the DMZ to a back end Radius or Active Directory
| server. Any other options?

I have heard good things about NoCatAuth, although I have not used it yet. Maybe others on the list can comment on that.

dumb question: what's wrong with simple ssh logins for "authentication" ? laptop ssh's into the linux-based-access-point with only sshd

| 2. How have you deterred users from using their
| laptops at the local coffee shop?
imho, i'd add colos, vpns and hotels to the list as someone else ( next to you ) can follow you into the secure corp network from an insecure colo/starbucks/home
I understand the need to be secure, but I think this is being over paranoid.
it's not an issue until the cracker happens to read "somebody important's" email or passwd or see the contents of their disks
As long as you can assure the connection is secure,
that's the whole point .... wireless is completely insecure and cracked
| 3. Rogue Wireless Detection - I have done much
| reading on this subject and would like to know how you
| all tackle this issue. Some suggest cool toys like
| AirDefense, etc. Others suggest some sort of MAC
| monitoring on switches/routers.
mac address is worthless and is reconfigurable
| I am a fan of walking
| around with Kismet every few weeks. The major issue I
| have encountered with walking around is the problem of
| neighboring buildings (in a downtown environment).
and you find interesting stuff ??
| It's easy enough to find the APs you know about, but
| finding a rogue AP connected to your network becomes a
| challenge with all of the other APs popping up.

and if you break into one ap, you can probably break into other equivalent AP since it's around by the gazillions and is made by a handful of manufacturers all using bad defaults

have fun
alvin