IDS mailing list archives
RE: Scan for "outsider" Pcs on network
From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 21 Mar 2006 07:48:35 +1100
And even better they enable the firewall and NAT features. So there is only the single MAC address. This MAC being set to look like a valid address from the network. Craig -----Original Message----- From: auto62996 () hushmail com [mailto:auto62996 () hushmail com] Sent: 20 March 2006 8:56 To: focus-ids () securityfocus com Subject: Re: Scan for "outsider" Pcs on network On Fri, 17 Mar 2006 Eagle Fire <tlecuauhtli () googlemail com> wrote:
Yes, but the hub must be deployded by someone who has a username
and
password to connect to your network.
Why? What do I need a username and password for?
It is like you won´t use keylocks in the door just because
someone can
lend the key to some one not authorized.
Terrible analogy (but aren't they always?). Let's try again. I'm a cleaner in an office. Rather than the $10 hub I splash out and buy a $30 wireless hub and router. One evening, I unplug a network printer and attach my router to the network and the printer to the router. Stick it under a table or behind a filing cabinet and in most offices no one will have a clue that it is there. The whole street now has access to your network and 802.1x won't help you one bit. How does that fit your analogy?
So for me, wireless and wired is the same.
But not for me and, I suspect, most other security analysts which is why this thread is interesting and I haven't just given up. I really would like to know what other people are doing to address the issue. There are a few products, such as Cisco's NAC or Sygate's Enterprise Protection, but how well do they address the problem and how much better than straight 802.1x are they? Is there something better and cheaper? [...]
On 15/03/06, auto62996 () hushmail com <auto62996 () hushmail com>
wrote:
802.1X works quite well in a wireless environment where there
is
continual authentication of the client but it can be subverted
on a
wired LAN simply by using a $10 hub. Attaching a legitimate
device
to the hub will keep the switch port open and allow anything
else
you connect to the hub to access the LAN. -----Original Message----- From: Eagle Fire [mailto:tlecuauhtli () googlemail com] Sent: 13 March 2006 10:06 To: focus-ids () securityfocus com Subject: Re: Scan for "outsider" Pcs on network Could be 802.1X an alternative? Probably hard to deploy,
switches
and wireless AP with the feature and some OS challenges but it may
be a
solution. -tlecu
Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Scan for "outsider" Pcs on network dhamm (Mar 03)
- Re: Scan for "outsider" Pcs on network Mircea MITU (Mar 09)
- Re: Scan for "outsider" Pcs on network Ron Gula (Mar 11)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 14)
- Re: Scan for "outsider" Pcs on network Ron Gula (Mar 11)
- Re: Scan for "outsider" Pcs on network Alice Bryson (Mar 14)
- Re: Scan for "outsider" Pcs on network Kurt Buff (Mar 20)
- Re: Scan for "outsider" Pcs on network Jean-Philippe Luiggi (Mar 21)
- <Possible follow-ups>
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 11)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 17)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 20)
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 21)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 27)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 30)
- Re: Scan for "outsider" Pcs on network Mircea MITU (Mar 09)