RE: [fw-wiz] Hopefully not too OT

From: Paul Melson (psmelson_at_comcast.net)
Date: 05/03/05

    To: <jimmy@chickenhollow.net>, "'Gregory Hicks'" <ghicks@cadence.com>, <firewall-wizards@honor.icsalabs.com>, "'Kevin    Sheldrake'" <kev@electriccat.co.uk>
    Date: Tue, 3 May 2005 15:07:48 -0400
    
    

    If you mistrust internal users, I think you may be better served by looking
    at EAP or some other sort of network access control (gee, I wonder if
    somebody's branded that term... :-) that could address any rogue equipment
    or users. It's just as feasible that an outside contractor, a guest, an
    untrustworthy employee, or even a cunning criminal could get past physical
    security and connect to your wired network and have their way with your
    data that way. Even within the parameters of corporate security policies,
    this type of thing represents a real threat. All of the network-based worm
    exposures I've seen at (insert current employer here) were caused by laptops
    brought in by (insert high-profile audit firm, now removed from approved
    infosec vendor list here).

    Anyway, nmap -sS -O -p23,80,443 can identify rogues from the wired side,
    since it can fingerprint about a dozen different AP types.

    PaulM

    -----Original Message-----
      I am going to have to take a multifaceted approach to this I believe, we
    have a very aggressive security posture here, we mistrust our internal users
    just as much as external users, and have a very tight filtering system, at
    the wire and application level, but I am paranoid, so I will keep going
    further.

      If anyone has any experience with scanners (preferably open source) which
    are good at ferreting out rogue APs I would be grateful for pointers.

      Again, many thanks to all!
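
An added example, not part of the original post or thread: one way to triage the output of the scan mentioned above when it is saved as XML (`-oX`, an nmap output option the message does not name), flagging hosts fingerprinted as device type `WAP` that are missing from an approved inventory. The function name, accuracy threshold, inventory set and sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sS -O -p23,80,443 -oX -` output, trimmed to the
# elements used below. Addresses are documentation ranges, not real scan data.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports>
 <os><osmatch name="constructed AP A" accuracy="96">
  <osclass type="WAP" vendor="ExampleVendor" accuracy="96"/></osmatch></os></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="443"><state state="open"/></port></ports>
 <os><osmatch name="constructed AP B" accuracy="98">
  <osclass type="WAP" vendor="ExampleVendor" accuracy="98"/></osmatch></os></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="23"><state state="closed"/></port></ports>
 <os><osmatch name="constructed server" accuracy="100">
  <osclass type="general purpose" vendor="Linux" accuracy="100"/></osmatch></os></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports>
 <os/></host>
</nmaprun>"""

def triage(xml_text, approved, min_accuracy=90):
    """Return (rogue_aps, needs_review) as lists of IPv4 address strings."""
    rogue, review = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addr") for a in host.iter("address")}
        ip = next((a.get("addr") for a in host.iter("address")
                   if a.get("addrtype") == "ipv4"), None)
        if ip is None or addrs & approved:
            continue  # not IPv4, or already in the approved inventory (IP or MAC)
        # iter() finds <osclass> whether it sits under <os> or under <osmatch>.
        classes = list(host.iter("osclass"))
        is_wap = any(c.get("type") == "WAP" and
                     int(c.get("accuracy", "0")) >= min_accuracy for c in classes)
        # Only <port> elements carry a <state> child; host status uses <status>.
        open_mgmt = any(s.get("state") == "open" for s in host.iter("state"))
        if is_wap:
            rogue.append(ip)
        elif not classes and open_mgmt:
            # No fingerprint match is not a clean result: nmap only knows some AP types.
            review.append(ip)
    return rogue, review

if __name__ == "__main__":
    print(triage(SAMPLE_XML, approved={"192.0.2.11"}))
```

Hosts that answer on 23, 80 or 443 but return no OS class are listed separately, since the post notes the fingerprint database covers only some AP types.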
