RE: [fw-wiz] Hopefully not too OT
From: Paul Melson (psmelson_at_comcast.net)
Date: 05/02/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Hopefully not too OT"
- In reply to: jimmy_at_chickenhollow.net: "[fw-wiz] Hopefully not too OT"
- Next in thread: Gregory Hicks: "RE: [fw-wiz] Hopefully not too OT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <jimmy@chickenhollow.net>, <firewall-wizards@honor.icsalabs.com> Date: Mon, 2 May 2005 17:12:59 -0400
I fear that a jammer would give you a false sense of security. For one,
they're not totally effective, especially against ad-hoc networks in close
proximity to each other. Sure, they kill performance, but they don't shut
it down. Secondly, they can actually assist those airsnort-ing your space
in collecting unique IV's should your rogue users be well-intentioned enough
to use WEP. Thirdly, many jammers only operate in the 2.4GHz band - in the
US alone you can buy WiFi products that operate at 915MHz and 5.8GHz, to say
nothing of FHSS vs. DSSS. And, perhaps more importantly, jammers are not at
all neighborly if your offices share space or proximity to businesses that
do choose to use WiFi.
Not to say that I have a better technical solution, but if you don't want
*people* in or with your organization to use wireless, then you have a
*people* problem that requires a people solution.
PaulM
-----Original Message-----
Subject: [fw-wiz] Hopefully not too OT
Good afternoon,
This is not strctly firewalls per se, but more security in general, and as
I usually find the quality of responses on this list to be of value, I will
post it here.
I work for an organization of about 5000 employees, with 55 remote sites
hooked into our central site (ie, all traffic chokes at our main site and
it's firewall.
We have NO wireless network, and until the security of it matures to a
point where I am reasonably comfortable (or until I am told to deploy one,
more likely).
With all of the recent identity theft, and the fact that we would be a
potential target for such activities, I am trying to see where our
vulnerabilities lie. In my searching, I pondered long and hard on rogue
wireless APs and contractor/vendor laptops with wireless ebabled becoming a
potential vector.
While I scan our main building once a week with some wireless security
tools, it is not feasible for me to contiuously drive around and scan all of
our sites. I know also that I could put some sort of wireless IDS/Honeypot
type thing out at each site, this would be expensive, and right now we are
not flush with cash.
I have been pondering putting an 802.11 jammer on site at each location
(again, we don't use wireless, so it should not impair anything) and thought
that might be a cheaper option.
Have any of you done something like this, and have any tips from your
experiences with this sort of scenario.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Hopefully not too OT"
- In reply to: jimmy_at_chickenhollow.net: "[fw-wiz] Hopefully not too OT"
- Next in thread: Gregory Hicks: "RE: [fw-wiz] Hopefully not too OT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
