Firewall Wizards mailing list archives

RE: Hopefully not too OT

From: "Paul Melson" <psmelson () comcast net>
Date: Mon, 2 May 2005 17:12:59 -0400

I fear that a jammer would give you a false sense of security.  For one,
they're not totally effective, especially against ad-hoc networks in close
proximity to each other.  Sure, they kill performance, but they don't shut
it down.  Secondly, they can actually assist those airsnort-ing your space
in collecting unique IV's should your rogue users be well-intentioned enough
to use WEP.  Thirdly, many jammers only operate in the 2.4GHz band - in the
US alone you can buy WiFi products that operate at 915MHz and 5.8GHz, to say
nothing of FHSS vs. DSSS.  And, perhaps more importantly, jammers are not at
all neighborly if your offices share space or proximity to businesses that
do choose to use WiFi.

Not to say that I have a better technical solution, but if you don't want
*people* in or with your organization to use wireless, then you have a
*people* problem that requires a people solution.

PaulM
 

-----Original Message-----
Subject: [fw-wiz] Hopefully not too OT

Good afternoon,

  This is not strctly firewalls per se, but more security in general, and as
I usually find the quality of responses on this list to be of value, I will
post it here.

  I work for an organization of about 5000 employees, with 55 remote sites
hooked into our central site (ie, all traffic chokes at our main site and
it's firewall.

  We have NO wireless network, and until the security of it matures to a
point where I am reasonably comfortable (or until I am told to deploy one,
more likely).

  With all of the recent identity theft, and the fact that we would be a
potential target for such activities, I am trying to see where our
vulnerabilities lie.  In my searching, I pondered long and hard on rogue
wireless APs and contractor/vendor laptops with wireless ebabled becoming a
potential vector.

  While I scan our main building once a week with some wireless security
tools, it is not feasible for me to contiuously drive around and scan all of
our sites.  I know also that I could put some sort of wireless IDS/Honeypot
type thing out at each site, this would be expensive, and right now we are
not flush with cash.

  I have been pondering putting an 802.11 jammer on site at each location
(again, we don't use wireless, so it should not impair anything) and thought
that might be a cheaper option.

  Have any of you done something like this, and have any tips from your
experiences with this sort of scenario.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Hopefully not too OT jimmy (May 02)
- Re: Hopefully not too OT David Thiel (May 02)
- Management, Security and best practices for HSM & ATM networks Shimon Silberschlag (May 02)
- RE: Hopefully not too OT Ben Nagy (May 02)
  - RE: Hopefully not too OT Marcus J. Ranum (May 02)
    - Re: Hopefully not too OT Barney Wolff (May 03)
    - Re: Hopefully not too OT Marcus J. Ranum (May 03)
- Impeding wireless (was Re: Hopefully not too OT) Kevin (May 02)
- Re: Hopefully not too OT Paul D. Robertson (May 02)
  - Re: Hopefully not too OT David Lang (May 02)
- RE: Hopefully not too OT Paul Melson (May 02)
- Re: Hopefully not too OT Jim MacLeod (May 05)
- <Possible follow-ups>
- RE: Hopefully not too OT Behm, Jeffrey L. (May 02)
- RE: Hopefully not too OT Gregory Hicks (May 02)
  - Re: Hopefully not too OT Kevin Sheldrake (May 03)
- RE: Hopefully not too OT MHawkins (May 05)
  - RE: Hopefully not too OT Paul D. Robertson (May 05)
    - RE: Hopefully not too OT Chris Blask (May 08)
    - RE: Hopefully not too OT Frederick M Avolio (May 12)
- Re: Hopefully not too OT jimmy (May 05)
- RE: Hopefully not too OT Paul Melson (May 05)

(Thread continues...)