Re: MORE: Tools for Detecting Wireless APs - from the wire side.

From: Larry Youngquist (lyoungquist@hotmail.com)
Date: 06/17/02


From: "Larry Youngquist" <lyoungquist@hotmail.com>
To: "Pen-Test" <pen-test@securityfocus.com>
Date: Mon, 17 Jun 2002 07:19:10 -0700

Toni;

While I don't have direct experience with these commercial products, the
Secure Server and Access Manager from SMC may accomplish what you're
looking for.

http://elite.smc.com/index.cfm

Larry Youngquist

----- Original Message -----
From: "Toni Heinonen" <Toni.Heinonen@teleware.fi>
To: "R. DuFresne" <dufresne@sysinfo.com>
Cc: "Jon" <vandivee@midsouth.rr.com>; "Pen-Test"
<pen-test@securityfocus.com>
Sent: Friday, June 14, 2002 9:43 PM
Subject: VS: MORE: Tools for Detecting Wireless APs - from the wire side.

> > Ahh, but indeed. It's of course smarter to block access from the APs
> > instead of just trying to detect them. AFAIK no Wireless APs can do
> > 802.1x authentication to connect to the LAN, even though most can
> > accept wireless 802.1x clients.
>
>
> The fact that LEAP is only available on the newest of Cisco's
> wireless equipment is one part of the issue. The other part
> of the wireless issue is how it expands one's perimeter. You
> still, with encryption or not, have opened up an external
> 'ethernet segment' to snooping. The management packets,
> which contain a lot of information in and of themselves on the
> wireless topology at the least, help intruders to map the
> segment, if not more, depending upon how the wireless toys
> are terminated and where.

Good morning,

No, actually I didn't mean quite that. I am not talking about wireless
client authentication with 802.1x, I mean locking the LAN switches up
with 802.1x so all LAN clients have to authenticate (wired LAN). Thus
all the wired workstations have to "log in" to the switch in order for
them to be able to transmit and receive through the port they are
connected to. APs won't be able to do this.

You don't need Cisco's proprietary LEAP anyhow for 802.1x, be the
clients wireless or wired. EAP-TLS is well supported with Windows XP, as
is (or soon will be, anyone have any more knowledge?) EAP-MD5. That,
also, is the only downside of 802.1x in LANs: bad support. WinXP has
support, but that's all I've heard of.

Someone sent me a private e-mail explaining even WLAN APs can
authenticate to the LAN using 802.1x, but could someone point me to a
link of a product overview where it's specifically stated so? Of course,
you could make your own AP with Linux and some 802.1x client code, but
I'm looking for ready off-the-shelf products.

--
Toni Heinonen, Teleware Oy
  Wireless +358 (40) 836 1815
  Telephone +358 (9) 3434 9123
  toni.heinonen@teleware.fi
  www.teleware.fi

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
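
An added illustration, not part of the original thread: a toy model of the wired 802.1x port control described in the quoted message, where an unauthorized switch port accepts only EAPOL frames (EtherType 0x888E) and drops everything else, such as traffic bridged in by an attached AP that never authenticates. The `SwitchPort` class, MAC addresses and sample frames are constructed for this example, and `auth_success()` stands in for the authentication server accepting the client.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType for EAP over LAN (802.1X)
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP"}

def parse_eapol(frame: bytes):
    """Describe an EAPOL frame as a dict; return None for any other frame."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    info = {"src": frame[6:12].hex(":"), "type": EAPOL_TYPES.get(ptype, "unknown")}
    body = frame[18:18 + length]
    if ptype == 0 and len(body) >= 4:  # EAPOL carries an EAP packet
        code = body[0]
        info["eap_code"] = EAP_CODES.get(code, "unknown")
        if code in (1, 2) and len(body) >= 5:  # only Request/Response have a type
            info["eap_method"] = EAP_METHODS.get(body[4], "other")
    return info

class SwitchPort:
    """Toy authenticator port (hypothetical): until authorized, only EAPOL is accepted."""
    def __init__(self):
        self.authorized = False

    def auth_success(self):
        # Stands in for the authentication server accepting the client.
        self.authorized = True

    def receive(self, frame: bytes) -> str:
        info = parse_eapol(frame)
        if info is not None:
            if info["type"] == "EAPOL-Logoff":
                self.authorized = False
            return "eapol"  # handled by the port's 802.1X entity, never bridged
        return "forwarded" if self.authorized else "dropped"

# Constructed sample frames (MAC addresses and payloads are made up).
PC, AP_CLIENT = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
START = PAE_GROUP + PC + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 1, 0)
EAP_ID = struct.pack("!BBHB", 2, 1, 8, 1) + b"pc1"  # EAP Response/Identity "pc1"
IDENTITY = PAE_GROUP + PC + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 0, len(EAP_ID)) + EAP_ID
BRIDGED = bytes.fromhex("ffffffffffff") + AP_CLIENT + struct.pack("!H", 0x0800) + bytes(20)

if __name__ == "__main__":
    ap_port = SwitchPort()  # port with an AP that never authenticates
    print("AP port, bridged frame:", ap_port.receive(BRIDGED))
    pc_port = SwitchPort()  # port with an 802.1X-capable workstation
    print([pc_port.receive(f) for f in (START, IDENTITY)], parse_eapol(IDENTITY))
    pc_port.auth_success()
    print("PC port after auth:", pc_port.receive(BRIDGED))
```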