Security Basics mailing list archives
RE: Wireless security question
From: "Harshul Nayak" <harshul.nayak () patni com>
Date: Thu, 23 Dec 2004 09:31:31 +0530
Hello Marty, have a well defined wireless security policy for your network Make the User aware about the Security policies implemented, educate them .. - Tell employees they own security and share the cost of security breaches. - Explain to employees the risk of setting up access points (AP) without the knowledge or consent of the network administrator (called Rogue Access Points). - When setting up Rogue APs, employees often fail to address security settings, incorrectly assuming they are turned on. - Implement a system where users know the names of the APs, and stress the importance of connecting only to known APs. - Educate users about the security risks of connecting wirelessly using peer-to-peer networks. - Warn users about the dangers of connecting in public or shared spaces using ad hoc mode. - Show users how to check security mechanisms on their PC and, if required, enable them. Implement Vigilant Security Policies Without a policy requiring regularly scheduled security checks, you're putting your network at risk for future security breaches. -Develop a WLAN security policies and establish quarterly performance objectives based on these policies. - Regularly scan for rogue or unknown APs. - Change default management passwords and SSIDs on APs. - Implement the latest IEEE security specifications (currently 802.11i). for more info, refer wireless best practices http://www.intel.com/business/bss/infrastructure/wireless/security/best_prac tices.htm -cheers Harshul Information Security Consultant (ESM & Information Security Services) Patni Computer Systems Limited 31/10, EL Zone, J-Block, MIDC Bhosari, Pune 411026, India -----Original Message----- From: Marty [mailto:groupecci () yahoo ca] Sent: Wednesday, December 22, 2004 10:27 PM To: Sec Basic Subject: Wireless security question Hi gang! Here is a question for you... We have a secure network with no wireless connections whatsoever. One of our laptop came in with credentials to log on to the network through the Ethernet cable BUT the person had just added a wireless card to his laptop. This situation actually came up and the person could see external wireless networks (from other companies around our building) and access Internet through there. Yeah I know they're stupid, but it's the real world! This seems like a potential threat for taking our data out the back door. Copy files accessed through our network to another network and voilà! No trace at all of the mischief. We monitor internet access and block non-company Email (Yahoo, Hotmail etc.). Suggestions? Thanks and Happy Holidays! Marty! __________________________________________________________ Lèche-vitrine ou lèche-écran ? magasinage.yahoo.ca http://www.patni.com World-Wide Partnerships. World-Class Solutions. _____________________________________________________________________ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at netadmin () patni com and delete this mail. _____________________________________________________________________
Current thread:
- Wireless security question Marty (Dec 22)
- RE: Wireless security question Hamlesh Motah (Dec 22)
- Re: Wireless security question Steve (Dec 22)
- RE: Wireless security question Rob McShinsky (Dec 23)
- Re: Wireless security question Michael Puchol (Dec 28)
- RE: Wireless security question Rob McShinsky (Dec 23)
- RE: Wireless security question Harshul Nayak (Dec 23)
- Re: Wireless security question Tomas Wolf (Dec 23)
- Re: Wireless security question Liran Cohen (Dec 23)
- Re: Wireless security question Nelson Santos (Dec 28)
- Re: Wireless security question threepts (Dec 29)
- <Possible follow-ups>
- RE: Wireless security question Gross Barry D. (Dec 23)
- RE: Wireless security question Andrew Shore (Dec 23)
- RE: Wireless security question Justin Acquaro (Dec 23)
- RE: Wireless security question Andrew Shore (Dec 28)
- Re: Wireless security question Nicholas Diotte (Dec 28)
- RE: Wireless security question adisegna (Dec 28)
(Thread continues...)