RE: [fw-wiz] Hopefully not too OT
From: Paul Melson (psmelson_at_comcast.net)
To: <firstname.lastname@example.org>, "'Gregory Hicks'" <email@example.com>, <firstname.lastname@example.org>, "'Kevin Sheldrake'" <email@example.com> Date: Tue, 3 May 2005 15:07:48 -0400
If you mistrust internal users, I think you may be better served by looking
at EAP or some other sort of network access control (gee, I wonder if
somebody's branded that term... :-) that could address any rogue equipment
or users. It's just as feasible that an outside contractor, a guest, an
untrustworthy employee, or even a cunning criminal could get past physical
security and connect to your wired network and have their way with your
data that way. Even within the parameters of corporate security policies,
this type of thing represents a real threat. All of the network-based worm
exposures I've seen at (insert current employer here) were caused by laptops
brought in by (insert high-profile audit firm, now removed from approved
infosec vendor list here).
Anyway, nmap -sS -O -p23,80,443 can identify rogues from the wired side,
since it can fingerprint about a dozen different AP types.
I am going to have to take a multifaceted approach to this I believe, we
have a very aggressive security posture here, we mistrust our internal users
just as much as external users, and have a very tight filtering system, at
the wire and application level, but I am paranoid, so I will keep going
If anyone has any experience with scanners (preferrably open source) which
are good at ferreting out rogue APs I would be gratefull for pointers.
Again, many thanks to all!
firewall-wizards mailing list