IDS mailing list archives

RE: Wired detection of rogue access points


From: "Adam Graham" <agraham () datastreamcowboys net>
Date: Fri, 30 Mar 2007 10:24:24 -0500


"Meh, this is simply not true. My home AP might is plenty secure from my SOHO
technology noob neighbors with MAC filtering - few, if any, of them even
know what an "AP" is much less "MAC spoofing"."

Gotcha there... my closest neighbors (my parents) are a mile away... and I
just don't see my dad hacking my AP... lol


Having said that, filtering technologies such as MAC filtering are far too
difficult to manage given the relatively small security return provided and
as such should be avoided given the fact that other superior authentication
and access control mechanisms exist.

In my solution MAC filtering has been simplified and is easy to manage. I set
it up using a cron/bash script to download the new approved and banned MAC
lists at a regular interval, as well as check the local server for OS updates
and AV updates. The master MAC list is a MySQL database, with other
information as well... we track all information about the machine from the day
it was ordered till it dies. All work done to it and current and past
configurations...
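
The list-handling step of a cron job like the one described above, as an added example that is not part of the original post or the poster's script: it validates the downloaded approved and banned lists and refuses the update if either is malformed or the approved list is empty. The list format, function names and file names are assumptions.

```bash
#!/bin/sh
# Added illustration, not the poster's script. Assumed list format: one MAC per
# line, ':' or '-' separated, '#' starts a comment. File names are hypothetical.

# normalize_macs FILE: print valid MACs as sorted, unique, lowercase
# aa:bb:cc:dd:ee:ff. Malformed lines go to stderr and make the function fail.
normalize_macs() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, ""); if ($0 == "") next
      m = tolower($0); gsub(/-/, ":", m)
      if (length(m) == 17 && m ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/) {
          print m | "LC_ALL=C sort -u"
      } else { print "rejected line " NR ": " $0 > "/dev/stderr"; bad = 1 } }
    END { close("LC_ALL=C sort -u"); exit bad }' "$1"
}

# build_allowlist APPROVED BANNED OUT: write approved-minus-banned to OUT.
# Fails closed: on a malformed or empty download the previous OUT is kept.
build_allowlist() {
    tmp=$(mktemp -d) || return 1
    if normalize_macs "$1" > "$tmp/ok" && normalize_macs "$2" > "$tmp/ban" \
        && [ -s "$tmp/ok" ]; then
        # A banned entry always wins over an approved one; mv swaps atomically.
        LC_ALL=C comm -23 "$tmp/ok" "$tmp/ban" > "$3.new" && mv "$3.new" "$3"
        rc=$?
    else
        echo "MAC list update refused, keeping existing $3" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data standing in for the downloaded lists.
demo=$(mktemp -d)
printf '%s\n' '00:11:22:33:44:55  # laptop' '00-11-22-AA-BB-CC' \
    '00:11:22:33:44:66' > "$demo/approved"
printf '%s\n' '00:11:22:aa:bb:cc' > "$demo/banned"
build_allowlist "$demo/approved" "$demo/banned" "$demo/allow" && cat "$demo/allow"
rm -rf "$demo"
```

Refusing the whole update on a bad download keeps a truncated or corrupted transfer from silently replacing a working list.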

