Security Basics mailing list archives
Re: WLAN Security, Authentication, and more...
From: James Kelly <jim () essistants com>
Date: Mon, 10 May 2004 17:09:47 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 tom jones wrote: | Hello, | 1. Security Controls | What have you seen / implemented as a standard for | wireless security? I know LEAP is out of the question | due to the dictionary attack vulerability. Possibly | PEAP or some other 802.1x standard? If you are in an environment which needs to be highly secured, you may want to use something like IPSec. | Authentication - I usually see authentication through | the DMZ to a back end Radius or Active Directory | server. Any other options? I have heard good things about NoCatAuth, although I have no used it yet. Maybe others on the list can comment on that. | 2. How have you detered users from using their | laptops at the local coffee shop? Policies and | procedures are a start, but are any system level | controls in place to only allow connections to the | corporate environment? I would be concered an | employee may have information traveling in the air on | an open network (or have their machines comprimized | while drinking some latte). I understand the need to be secure, but I think this is being over paranoid. As long as you can assure the connection is secure, I wouldn't worry about it. Of course this is me, before I get flamed for that, I will say that each situation is different. | 3. Rogue Wireless Detection - I have done much | reading on this subject and would like to know how you | all tackle this issue. Some suggest cool toys like | AirDefense, etc. Others suggest some sort of MAC | monitoring on switches/routers. I am a fan of walking | around with Kismet every few weeks. The major issue I | have encountered with walking around is the problem of | neighboring buildings (in a downtown environment). | It's easy enough to find the APs you know about, but | finding a rogue AP connected to your network becomes a | challenge with all of the other APs popping up. The | only way I have found around this is to take a best | guess based on signal/noise strength and go from | there. Any thoughts/suggestions on what you have read | or deployed? Try a more directional antenna maybe, say the pringles can since it is easy? Hope this helps, Jim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAn7db3IzKSZsd6+oRAjyBAJ9PwjLJUYD2Dq8jO1yPYYXtQcrcZgCdH1vg zJpVDr+5TIb+vn2yAVf19JE= =Oxtl -----END PGP SIGNATURE----- ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- WLAN Security, Authentication, and more... tom jones (May 10)
- Re: WLAN Security, Authentication, and more... James Kelly (May 10)
- ssh - AN Security, Authentication, and more... Alvin Oga (May 11)
- Re: ssh - AN Security, Authentication, and more... James Kelly (May 11)
- ssh - AN Security, Authentication, and more... Alvin Oga (May 11)
- <Possible follow-ups>
- RE: WLAN Security, Authentication, and more... Giddens, Robert (May 10)
- RE: WLAN Security, Authentication, and more... Josh Mills (May 10)
- RE: WLAN Security, Authentication, and more... Joerg Over Dexia (May 11)
- Re: WLAN Security, Authentication, and more... Sandy Carr (May 11)
- Re: WLAN Security, Authentication, and more... James Kelly (May 10)