Re: Detection of Rogue Access Points

[Sean Harlow <sean () seanharlow info>]

On Mon, Oct 15, 2012 at 8:44 PM, George Herbert <george.herbert () gmail com>wrote:

> This solution - the "don't care" solution - almost fails the
> negligence test for certain security regimes including PCI (credit
> cards) and possibly SOX for retail data locations (and HIPPA for
> hospitals / medical locations, etc).

Of course, and this is where the situational judgement comes in to play.
 The low-security environments I was envisioning are those more like my own
office, where the only on-site server is basically a homebrew NAS storing
music/movies for slow days.  We've jumped head first in to the Google Apps
system so all files, mail, etc. are there.  Payments and any other
customer-facing services are on servers hosted in a proper datacenter,
never coming close to the office LAN, so our actual risk is basically the
same as that of a home user.  The boss using his laptop on public WiFi
worries me a lot more than someone gaining access to our network.

If you take payments on-premise and transmit them over the network, it's
obviously another story entirely.