Security Basics mailing list archives
Re: Wireless security question
From: Michael Puchol <mpuchol () sonar-security com>
Date: Fri, 24 Dec 2004 08:59:33 +0100
Hi Rob,Just FYI, Netstumbler scans by sending probes, and some APs are configured not to respond to probes (some Intel ones for example do this by default) - this means Netstumbler won't see those. If you are going to scan for security, and not for fun (wardriving, for example), I recommend Kismet, and if you have the budget, AiroPeek NX or AirMagnet - they are tailored to provide specific alarms to situations you can define.
As for the matter at hand, I would harden GPs as you mention regarding hardware and network rights.
Another thing you could do is disable the TCP/IP stack in the wireless adapter's configuration, that would certainly sterilize it.
Best regards, Mike mother () netstumbler com Rob McShinsky wrote:
If you have a Windows Domain and these machines are on that domain, you can put a Group Policy in place that will disable the computers ability to bridge connections, share connections, etc... Doing regular sweeps with a product like netstumbler throughout your facilities can also find your problem machines. These along with a known written company policy should cover the company legally at least. Rob -----Original Message-----From: Steve [mailto:securityfocus () delahunty com] Sent: Wednesday, December 22, 2004 5:56 PMTo: Marty; Sec Basic Subject: Re: Wireless security question Policy against wireless, including cards. Remove his wireless card. One risk you have is his laptop latching on to hostile networks, once with worms/viruses, as well as the threat you note. ----- Original Message ----- From: "Marty" <groupecci () yahoo ca> To: "Sec Basic" <security-basics () securityfocus com> Sent: Wednesday, December 22, 2004 11:57 AM Subject: Wireless security question Hi gang! Here is a question for you... We have a secure network with no wireless connections whatsoever. One of our laptop came in with credentials to log on to the network through the Ethernet cable BUT the person had just added a wireless card to his laptop. This situation actually came up and the person could see external wireless networks (from other companies around our building) and access Internet through there. Yeah I know they're stupid, but it's the real world! This seems like a potential threat for taking our data out the back door. Copy files accessed through our network to another network and voilà! No trace at all of the mischief. We monitor internet access and block non-company Email (Yahoo, Hotmail etc.). Suggestions? Thanks and Happy Holidays! Marty! __________________________________________________________ Lèche-vitrine ou lèche-écran ? magasinage.yahoo.ca
Current thread:
- Wireless security question Marty (Dec 22)
- RE: Wireless security question Hamlesh Motah (Dec 22)
- Re: Wireless security question Steve (Dec 22)
- RE: Wireless security question Rob McShinsky (Dec 23)
- Re: Wireless security question Michael Puchol (Dec 28)
- RE: Wireless security question Rob McShinsky (Dec 23)
- RE: Wireless security question Harshul Nayak (Dec 23)
- Re: Wireless security question Tomas Wolf (Dec 23)
- Re: Wireless security question Liran Cohen (Dec 23)
- Re: Wireless security question Nelson Santos (Dec 28)
- Re: Wireless security question threepts (Dec 29)
- <Possible follow-ups>
- RE: Wireless security question Gross Barry D. (Dec 23)
- RE: Wireless security question Andrew Shore (Dec 23)
- RE: Wireless security question Justin Acquaro (Dec 23)
- RE: Wireless security question Andrew Shore (Dec 28)
- Re: Wireless security question Nicholas Diotte (Dec 28)
(Thread continues...)