Firewall Wizards mailing list archives
Re: Wireless
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 9 Aug 2002 18:32:11 -0400 (EDT)
On Fri, 9 Aug 2002, John McDermott wrote:
ejb3 () cornell edu wrote:Spoofing MAC addresses is easy, even on 802.11b cards. Managing permitted MAC addresses is a good idea for home users with few cards and only a single base station. It's a management nightmare for large installations.So what is the Best Practice approach to securing a wireless subnet? Given a WAP and n known cards, what is the best way to deal with MAC spoofing, wandering unauthorized users, etc. to prevent access to all lan resources for unauthorized users?
Best recommends at present speak of wrapping all transmissions within an encrypted tunnel. SSH or some IPsec tool. Still one should localise the range of their transmissions as much as possible, as information leakage is still present due to the management packets between and through any device talking to the AP. This gains one the ability to encrypt the data portions of their connections, but there remains much information leakage. Basically, no matter how well one tries to 'secure' their wireless transmissions, they have exposed a ethernet subnet<s?> to outside sniffing. The range of the sniffing capabilites lies in how much one wishes to invest time or monies into an antenae for their sniffing/attack vectors into this realm. There are claims that homebuilt antenaes can sniff from 1-10 miles out, so sitting in a parking lot is not a requirement. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Wireless, (continued)
- Re: Wireless B. Scott Harroff (Aug 09)
- RE: Wireless Scott, Richard (Aug 09)
- RE: Wireless ejb3 (Aug 09)
- Re: Wireless Jeff Newton (Aug 09)
- Re: Wireless R. DuFresne (Aug 09)
- Re: Wireless Jeff Newton (Aug 09)
- RE: Wireless ejb3 (Aug 09)
- Re: Wireless John McDermott (Aug 09)
- Re: Wireless Paul Robertson (Aug 09)
- Re: Wireless Dave Piscitello (Aug 19)
- Re: Wireless ejb3 (Aug 09)
- Re: Wireless R. DuFresne (Aug 09)
- RE: Wireless Paul Robertson (Aug 09)
- RE: Wireless R. DuFresne (Aug 09)
- Re: Re: Wireless Gary Flynn (Aug 09)