Firewall Wizards mailing list archives
Impeding wireless (was Re: Hopefully not too OT)
From: Kevin <kkadow () gmail com>
Date: Mon, 2 May 2005 15:44:35 -0500
Is there a more appropriate mailing list for this topic? On Mon, 02 May 2005 07:29:48, <jimmy () chickenhollow net> wrote:
In my searching, I pondered long and hard on rogue wireless APs and contractor/vendor laptops with wireless enabled becoming a potential vector.
Have you considered network-level controls to prevent or detect the deployment of rogue wireless APs? See http://tinyurl.com/83v6x
While I scan our main building once a week with some wireless security tools, it is not feasible for me to contiuously drive around and scan all of our sites. I know also that I could put some sort of wireless IDS/Honeypot type thing out at each site, this would be expensive, and right now we are not flush with cash. I have been pondering putting an 802.11 jammer on site at each location (again, we don't use wireless, so it should not impair anything) and thought that might be a cheaper option.
If you are in the US, there are FCC issues with intentionally jamming the 802.11 spectrum with an active transmitter. I recall at least one open source tool which attempts to identify access points from the wired network by their MAC and other unique characteristics of the LAN-facing interface of APs? You might create and enforce a LAN policy restricting the addition of *any* new devices to the wired network, and enforce this policy through firewall rules, 802.1x, and switch features. This should provide alerting when any rogue connection is added to the network, wireless or wired. Kevin Kadow _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Hopefully not too OT jimmy (May 02)
- Re: Hopefully not too OT David Thiel (May 02)
- Management, Security and best practices for HSM & ATM networks Shimon Silberschlag (May 02)
- RE: Hopefully not too OT Ben Nagy (May 02)
- RE: Hopefully not too OT Marcus J. Ranum (May 02)
- Re: Hopefully not too OT Barney Wolff (May 03)
- Re: Hopefully not too OT Marcus J. Ranum (May 03)
- RE: Hopefully not too OT Marcus J. Ranum (May 02)
- Impeding wireless (was Re: Hopefully not too OT) Kevin (May 02)
- Re: Hopefully not too OT Paul D. Robertson (May 02)
- Re: Hopefully not too OT David Lang (May 02)
- RE: Hopefully not too OT Paul Melson (May 02)
- Re: Hopefully not too OT Jim MacLeod (May 05)
- <Possible follow-ups>
- RE: Hopefully not too OT Behm, Jeffrey L. (May 02)
- RE: Hopefully not too OT Gregory Hicks (May 02)
- Re: Hopefully not too OT Kevin Sheldrake (May 03)
- RE: Hopefully not too OT MHawkins (May 05)
- RE: Hopefully not too OT Paul D. Robertson (May 05)
- RE: Hopefully not too OT Chris Blask (May 08)
- RE: Hopefully not too OT Paul D. Robertson (May 05)