Security Basics mailing list archives

RE: Network scanning


From: "CHRIS GRABENSTEIN" <LFGRABC () LF VCCS EDU>
Date: Fri, 8 Aug 2003 08:19:34 -0400

I don't think there is a really good way to do it.  Filtering by MAC on the
access point is good, but MACs can be spoofed.  The packets of course can
still be sniffed which could provide a lot of info.  I'd recommend something
like LEAP authentication with Cisco access points.  You have to use all-Cisco
wireless equipment, but it seems to work well.  Encryption on top of that
wouldn't be a horrible idea.

As far as the hard wires, I think the best solution is to search out those
unused ports and unplug them from the switch.  They can be quickly
reconnected if needed, and you'll know about it.  Sniffing for traffic from
new devices on the network is fine unless they use a sniffer cable which only
allows traffic to flow in one direction.  They're cheap and small.  Also,
just restricting who can grab an address via DHCP isn't good enough because
they can still use a static IP or just sniff.


|-----Original Message-----
|From: netsec novice [mailto:netsec9 () hotmail com] 
|Sent: Thursday, August 07, 2003 4:51 PM
|To: security-basics () securityfocus com
|Subject: Network scanning
|
|
|Are there tools out there that would allow system administrators to be
|notified when a new workstation attaches to a network?  I'm thinking both
|wireless and ethernet in this case.  SNMP maybe?  I am in a credit union
|environment and my concern is that someone would be able to steal an
|existing jack or a jack that is not physically protected but live and be
|able to capture traffic or do reconnaissance.  We don't have Wireless access
|at this point but may look to it in the future.  My only thought in that
|case would be to encrypt all traffic since wireless security is a bit scary
|at this point.  Any ideas?
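
Added example, not part of the original thread: a minimal monitor-side check that compares ARP sightings against an asset inventory and the DHCP lease table, so a new device or a statically addressed host gets flagged. The inventory, leases, sightings and function names are constructed for illustration.

```python
"""Flag unknown or statically addressed hosts from ARP sightings."""
import re

# Constructed sample data (assumptions, not from the thread).
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}   # asset inventory
DHCP_LEASES = {"10.0.0.21": "00:11:22:33:44:55",          # ip -> leased MAC
               "10.0.0.22": "00:11:22:33:44:66"}
ARP_SIGHTINGS = """\
10.0.0.21 00:11:22:33:44:55
10.0.0.22 00-11-22-33-44-66
10.0.0.50 00:11:22:33:44:66
10.0.0.77 DE:AD:BE:EF:00:01
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalise_mac(mac):
    """Lower-case and use ':' separators so inventory lookups match."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return mac


def audit(sightings, known_macs, leases):
    """Return (ip, mac, reason) for every sighting that needs a look."""
    known = {normalise_mac(m) for m in known_macs}
    leased = {ip: normalise_mac(m) for ip, m in leases.items()}
    findings = []
    for line in sightings.splitlines():
        if not line.strip():
            continue
        ip, raw_mac = line.split()
        mac = normalise_mac(raw_mac)
        if mac not in known:
            findings.append((ip, mac, "unknown-mac"))
        elif leased.get(ip) != mac:
            # Inventory MAC on an address DHCP never gave it: static IP,
            # or someone reusing (spoofing) a known MAC elsewhere.
            findings.append((ip, mac, "static-or-unleased"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(ARP_SIGHTINGS, KNOWN_MACS, DHCP_LEASES):
        print("%-10s %s %s" % (ip, mac, reason))
```

This only sees devices that transmit: a receive-only tap produces no ARP traffic, and a spoofed inventory MAC on its leased address passes both checks, which is why the physical step of unplugging unused ports still matters.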