Penetration Testing mailing list archives
RE: Wireless Pent-Test
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Mon, 6 Oct 2003 12:48:55 -0400
-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com]
Sent: Saturday, October 04, 2003 9:16 PM
To: pen-test () securityfocus com
Subject: Wireless Pent-Test

Remote users in my company have been begging for permission to use wireless NICs in their laptops for a while now. When they are not on the road, most of them work from home and would like to be able to use their laptops anywhere in their house.
Yep. We're seeing this too. One of the things our policies state is that any connected node or nodes (this meaning workstations at the road-warrior's house) are subject to corporate security policies. This means we get to audit for security, check for AV, monitor for acceptable business use, etc... They're usually willing to deal with that.
Due to our industry and business requirements, we have to document every process and method used to access our data and prove that we've tested the security of our data. In order to let the users go wireless I have to show that I've tested the security on a wireless network. Our idea is to let the users buy wireless routers to connect to their cable/dsl routers and then wireless PCMCIA or USB cards on the laptop. We would implement 128 bit WEP security to prevent unauthorized access. I realize that WEP does not provide for stringent security, but we feel that by forcing users to change their WEP key regularly we can meet our requirements.
Are you going to remotely manage the WAPs? Plan on logging into them periodically to force WEP key changes? Then you have to notify them that it's changed, and provide them with a new key. IMO, this sounds like an undue administrative burden.
My question is, how do I test WEP and document whether or not it's secure? Any way to sniff for WEP keys, or to brute force attack a WEP session? If there is, how hard is it to set up? How much of a risk is there of a wireless connection with WEP enabled being compromised, other than by a dedicated, brute force attack?
Well, one way might be to sit outside their house using airsnort or another WEP cracking utility. Given enough time and a few big file transfers by your user, there's a pretty good chance that the WEP key will be compromised. If your users will be handling, or could get access to fairly sensitive data, I'd have to rule out WEP except in conjunction with a pure IPSEC implementation. In that case, so what if the WEP key is compromised?
Any information is greatly appreciated.
Have you looked at Wireless Protected Access (WPA)? It's an emerging "standard" that looks pretty solid so far.
Cesar
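Added example, not part of the original message or thread: a Python sketch of why traffic volume matters for WEP, as the reply notes. WEP keys RC4 with a 24-bit IV sent in the clear plus the shared secret, so a repeated IV repeats the keystream and the confidentiality of those frames is lost without the secret being known. The secret, IV and payloads are constructed sample values, random IV selection is an assumption (cards differ), and the CRC-32 integrity value is omitted.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    # Standard RC4: key scheduling (KSA), then n bytes of output (PRGA).
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    # WEP keys RC4 with the 3-byte IV (sent in clear) followed by the secret.
    # The CRC-32 integrity value is left out; it does not affect this point.
    return xor(payload, rc4_keystream(iv + secret, len(payload)))

def frames_until_iv_repeat(seed: int) -> int:
    # Assumption: the card picks 24-bit IVs at random. Count frames until a repeat.
    rng, seen = random.Random(seed), set()
    while True:
        iv = rng.getrandbits(24)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def recover_second_payload(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    # Same IV + same secret => same keystream, so c1 ^ c2 == p1 ^ p2.
    return xor(xor(c1, c2), known_p1)

SECRET = bytes(range(13))             # constructed 104-bit secret ("128-bit WEP")
IV = b"\x00\x12\x34"                  # constructed IV, reused for both frames
P1 = b"GET /index.html HTTP/1.0\r\n"  # constructed payload, assumed known
P2 = b"user=alice&pin=0000 sample"    # constructed payload, same length

if __name__ == "__main__":
    c1, c2 = wep_encrypt(SECRET, IV, P1), wep_encrypt(SECRET, IV, P2)
    print(recover_second_payload(c1, c2, P1))
    print(frames_until_iv_repeat(1))
```

Changing the WEP key resets this exposure but does not widen the 24-bit IV space, which is why the reply pairs WEP with IPSEC rather than relying on key rotation.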