RE: Any Intrusion Detection Appliances handle wired and wireless networks?

["Rob Shein" <shoten () starpower net>]

Alright.  I can barely believe that someone just suggested using a bare
operating system with a wireless card as an IDS...and that the moderator
allowed it through.

I'd suggest that the solution lies more in sensor placement; attacks that
come across wireless networks will be the same as those coming from wired
networks.  There are a few exceptions, like some DoS attacks against Access
Points, like those described my Schiffman in a talk at BlackHats '02
(http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Mike%20D.%20
Schiffman), but those make themselves fairly obvious.  Attacks against WEP
using airsnort, for example, aren't really detectable, as they are passive.
Everything else will be the same as a wired attack, so make sure your IDS
sensors can see everything that comes over the Access Points and you should
be in good shape.

> -----Original Message-----
> From: mike.jablonski () abnamrousa com 
> [mailto:mike.jablonski () abnamrousa com] 
> Sent: Wednesday, March 03, 2004 2:38 PM
> To: Gary.Freeman () rci rogers com; focus-ids () lists securityfocus com
> Subject: RE: Any Intrusion Detection Appliances handle wired 
> and wireless networks?
>
>
> OpenBSD!!!!!!!!!!!!!!!  Throw in a wireless card.
>
> It's free.  If you have some old hardware laying around 
> (doesn't take much).....  Makes for the perfect system!
>
> -----Original Message-----
> From: Gary Freeman [mailto:Gary.Freeman () rci rogers com] 
> Sent: Wednesday, March 03, 2004 1:03 PM
> To: focus-ids () lists securityfocus com
> Subject: Any Intrusion Detection Appliances handle wired and 
> wireless networks?
>
>
> Hi there,
> Does anyone know of any combined solutions for and appliance 
> that will passively monitor the wired network while 
> monitoring for wireless activity as well?  The reason I'm 
> asking is that I have one budget and if I can combine both 
> technologies in one box (snort and airsnort-based) I could 
> get approval.
>
> I need the wireless monitoring in our data-centers along with 
> the IDS so that if any rogues connect to the network they 
> will be picked up and send an alert back to the SEC-admins.
>
> Cheers,
>
> Gary Freeman
> Network Security Specialist
>
> --------------------------------------------------------------
> -------------
> Free 30-day trial: firewall with virus/spam protection, URL 
> filtering, VPN, wireless security
>
> Protect your network against hackers, viruses, spam and other 
> risks with Astaro Security Linux, the comprehensive security 
> solution that combines six applications in one software 
> solution for ease of use and lower total cost of ownership.
>
> Download your free trial at 
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> -------------
>
> --------------------------------------------------------------
> -------------
> Free 30-day trial: firewall with virus/spam protection, URL 
> filtering, VPN, wireless security
>
> Protect your network against hackers, viruses, spam and other 
> risks with Astaro Security Linux, the comprehensive security 
> solution that combines six applications in one software 
> solution for ease of use and lower total cost of ownership.
>
> Download your free trial at 
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> -------------


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------