PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Auditing WPA/WPA2 wifi networks

From: Robert Portvliet <robert.portvliet () gmail com>
Date: Sat, 9 Mar 2013 17:40:26 -0500
So, your main concern with EAP-TLS is the security of the client side
certificates. The types of MITM attacks that PEAP and EAP-TTLS are
vulnerable to (FreeRadius-WPE) don't come into play. The attacker will have
to actually obtain one of the client's certificates to gain access to the
network.

However, on that note, when you say external users (on this 3rd AP), I took
that to mean non-employee users. If you don't mind me asking, how are you
planning to manage using EAP-TLS with them? (due to the requirement for a
client side cert) (or did I completely misunderstand?).

My thought about the servers though, if they are in fact accessed by
employees and non-employees, is to keep in mind that they could be a
possible jump off point into your internal network if compromised. It might
pay to put them in some kind of segregated DMZ type environment.


On Sat, Mar 9, 2013 at 2:12 PM, C. L. Martinez <carlopmart () gmail com> wrote:


On Sat, Mar 9, 2013 at 4:25 PM, Robert Portvliet
<robert.portvliet () gmail com> wrote:

When you say WPA/WPA2, are you using PSK or EAP for authentication? If

EAP,

what EAP type will be in use? (PEAP, EAP-TTLS, EAP-TLS, etc.). Attack
vectors vary significantly based on this.


AFAIK, EAP-TLS.

 I assume this 3rd network (for

external people), will be firewall/VLAN segregated once it hits your

wired

network, but are these servers you speak of used by your internal

employees

as well?


Correct.



On Sat, Mar 9, 2013 at 7:36 AM, C. L. Martinez <carlopmart () gmail com>

wrote:


On Sat, Mar 9, 2013 at 3:48 AM, Doug Chesterman
<mobile.doug.chesterman () gmail com> wrote:

Are you talking about auditing the wireless portion of the network or
monitoring it with a (W)IDS/IPS?

There are commercial WIDS/WIPS, Motorola makes Air Defence and there

are

others as well.

How you audit your wireless network will depend on the risks that
wireless pose to your organization and how they are being managed.

The security of your APs is not the only risk, you may want to also
think about the configuration of wireless devices and whether they can
associate with an attacker's rogue AP.

Do you monitor for people in your org who connect their own consumer
wireless router?

Doug




Two of these AP will be used by internal users to onnect their mobile
phones and tables. The other AP will be used by external people to
connect to some servers in our internal infrastructure. The real risk
is with this third AP: we want to monitor all connections in this AP,
and control in all AP, that WPA/WPA2 is not cracked, for example. To
reach this state, previously we want to delimit all risks: cracking
WPA/WPA2, checking firewall rules are ok, IDS monitors and trigger
correct alerts ....
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: