Re: Wired detection of rogue access points



On 3/28/07, Adam Graham <agraham@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Why is everyone concentrating on MAC filtering..... MAC filters are just a
> front line first wave deterrent.

There are two main problems here.

One, the administrative difficulties of any MAC based solution quickly
outweigh the benefits.

More importantly, Ethernet ONLY has MAC authentication. It doesn't
matter that all your legitimate access points are outside the firewall
if all your LAN ports are inside and my rogue access point is on one of
those.

From that perspective, 802.11 is more secure than 802.3. Even with
WEP, one has to expend some effort trying to crack keys. On Ethernet,
all one needs is the MAC. Ethernet is wide open, except that it is
physically harder to get to than wireless.

Any authentication layered on top of Ethernet cannot stop a motivated
attacker unless it authenticates every single packet. That means
encryption or at least IPSec AH. All 802.1x does is force an
authentication every now and then of the MAC and/or IP address. If one
is worried about financially motivated espionage, that is not good
enough.

That's why the focus on MAC address is so important. Too many people
think that it is way more valuable than it is.

The network is defined in layers. Security must be applied in layers. If
you don't understand the security of a given layer, then it must be
considered worthless as far as what you know. Assume you know and
you're sure to fall.

One can attempt to rebuild the levees protecting New Orleans and hope
they'll hold next time, but one must also begin to restore the natural
wetlands that used to protect New Orleans before the 20th century.
Sure, levees provide some protection, but defense in depth of hundreds
of square miles of protection is the only viable long term solution.
If the levees reduce the political will to rebuild the wetlands, then
they have already failed.

Regards,
--
Eric Hacker, CISSP

aptronym (AP-troh-NIM) noun
A name that is especially suited to the profession of its owner

I _can_ leave well enough alone, but my criteria for well enough is
pretty darn high.
