Security Basics mailing list archives

RE: Wireless access

From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
Date: Fri, 26 Mar 2004 16:59:49 -0700

Robert,

To setup wireless to allow guests to access the network while authorized
employees can access your corporate network, you will need to setup VLANs
(Virtual LANs) to segregate the access and traffic.  This can be
accomplished with Layer 2/3 switches.  It can also be accomplished by
several access points (Cisco, Foundry, Proxim, other) via the APs ability to
manage multiple SSIDs (Bernard Aboba from Microsoft wrote some documents
about how to properly implement Virtual APs via APs that have Multiple SSID
features -
http://www.drizzle.com/~aboba/IEEE/11-03-154r1-I-Virtual-Access-Points.doc
and http://www.drizzle.com/~aboba/IEEE/virtual-APs.ppt).  


Rafael Rosado, CISSP, CISA
Network Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue 
Miramar, Florida 33027 
Office: 954-885-2176 
Facsimile: 954-885-3861 
Email: rarosado () lucent com 

This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legal privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Robert Mezzone [mailto:Robert.Mezzone () PJSolomon Com] 
Sent: Friday, March 26, 2004 4:42 PM
To: security-basics () securityfocus com
Subject: RE: Wireless access

How do you handle wireless network security in a corporate environment? A
couple of the people here want me to setup a wireless network so visitors
can setup there laptop in a conference room, or anywhere in the office and
connect to the network, internet not our internal network. I'm not to
comfortable with this idea but I don't have the final say. It sounds like I
would have to leave MAC access control turned off, or obtain the users MAC
address then enter it into control list, and also provide the visitor with
the SSID and the WEP password. Am I correct in this assumption. Wireless
networking was suppose to make things easier in their eyes. Unless I leave
everything wide open it's probably easier to plug an Ethernet cable in the
PC. 

-----Original Message-----
From: Peter Martin [mailto:Peter.Martin () macquarie com]
Sent: Friday, March 26, 2004 12:45 AM
To: Paul John Summers; security-basics () securityfocus com
Subject: RE: Wireless access

Most, if not all wireless access points and/or routers will have built-in
MAC access control. Usually very simple - just turn it on and add the
addresses you wish to allow access.

The problem is, like you said, that it is very easy to spoof a MAC address
and get around this security. However, for home users, setting an SSID (and
NOT something recognisable like "John Smith Home Internet Share"), turning
on WEP (or WPA if the devices support it) encryption with a non-easily
guessed password, and setting MAC access control; should be more then enough
for a user to feel safe.

Regards,
Peter Martin
Network Engineer

-----Original Message-----
From: Paul John Summers [mailto:paul_john_summers () hotmail com]
Sent: Friday, 26 March 2004 6:27 AM
To: security-basics () securityfocus com
Subject: RE: Wireless access


And addendum to that question, do any wireless routers contain tools so that
you can block all but specific hardware addresses? That is, my home wireless
router would block all but my hardware address, much like hard-wired
networks often require registration of hardware addresses before allowing a
new system to access it. I do believe there are methods of spoofing hardware
addresses but that aside, do wireless routers have capabilities for this

sort of thing that a home user could easily administer to better secure
their home network?

Disclaimer: I'm also a newbie so please forgive any misconceptions or false
assumptions!


From: "Bruyere, Michel" <mbruyere () ezemcanada com>
To: security-basics () securityfocus com
Subject: Wireless access
Date: Thu, 25 Mar 2004 08:36:05 -0500

Hi,
        I have a user who uses a wireless network at home. He just asked me
(it's a director) to find a way to avoid his laptop (Toshiba tecra running
XP Pro) connecting on the neighbor's router instead of his. He has a D-Link
614+, I don't know this model at all so I'm asking you guys if you know
a
way to restrict his laptop to only HIS router.

As you can see, I'm not very familiar with Wireless :/

Thanks for any inputs

M.Bruyere
Network/systems administrator
CompTIA A+, Network+


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----

_________________________________________________________________
Get rid of annoying pop-up ads with the new MSN Toolbar - FREE! 
http://toolbar.msn.com/go/onm00200414ave/direct/01/


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

RE: Wireless access, (continued)
- - RE: Wireless access David (Mar 29)
  - RE: Wireless access Kenton Smith (Mar 29)
    - RE: Wireless access Joe Thompson (Mar 30)
- RE: Wireless access Rosado, Rafael (Rafael) (Mar 26)
- RE: Wireless access William D. Menzie (Mar 26)
- RE: Wireless access Rosado, Rafael (Rafael) (Mar 26)
- RE: Wireless access Judie Ayoola (Mar 26)
- RE: Wireless access Eric Brown (Mar 26)
  - What Are These Shares(Remote Admin/Remote IPC)? Mark Sargent (Mar 29)
    - Re: What Are These Shares(Remote Admin/Remote IPC)? Alex Lomas (Mar 30)
- RE: Wireless access Rosado, Rafael (Rafael) (Mar 29)
- RE: Wireless access Dante Mercurio (Mar 29)
  - Re: Wireless access dries (Mar 30)
- RE: Wireless access Keith T. Morgan (Mar 29)
- RE: Wireless access Robert Mezzone (Mar 30)
- RE: Wireless access Mitchell Rowton (Mar 30)
- RE: Wireless access Cesar Osorio (Mar 30)
- RE: Wireless access Phillip McCollum (Mar 31)