RE: Wireless Pent-Test

MJohnst5_at_prdgb.JNJ.com
Date: 10/06/03

  • Next message: Francisco Araujo: "FW: SMTP Survey"
    To: cesadiz@yahoo.com, pen-test@securityfocus.com
    Date: Mon, 6 Oct 2003 18:00:56 +0200 
    
    

    Hey there,

    Here is link to all the wireless tools that you would ever want:

    http://neworder.box.sk/codebox.links.php?&key=wireless

    And have a read on security focus ... they have just posted the 2nd
    installment of creating a wireless security policy. Besides describing
    aspects relative to policy it should give you some ideas on better to secure
    your users wireless Lans.

    Of course WEP is not the most secure thing in the world, but used in
    conjunction with other security methods you could make life for a hacker
    difficult.

    Mark

    -----Original Message-----
    From: Cesar Diaz [mailto:cesadiz@yahoo.com]
    Sent: 05 October 2003 02:16
    To: pen-test@securityfocus.com
    Subject: Wireless Pent-Test

    Remote users in my company have been begging for permission to use wireless
    NICs in their laptops for awhile now. When they are not on the road, most
    of them work from home and would like to be able to use their laptops
    anywhere in their house.

    Due to our industry and business requierements, we have to document every
    process and method used to access our data and prove that we've tested the
    security of our data.In order to let the users go wireless I have to show
    that I've tested the security on a wireless network.

      Our idea is to let the users buy wireless routers to connect to their
    cable/dsl routers and then wireless PCMCIA or USB cards on the laptop. We
    would implement 128 bit WEP security to prevent unauthorized access. I
    realize that WEP does not provide for stringent security, but we feel that
    by forcing users to change their WEP key regularly we can meet our
    requierements.

    My question is, how do I test WEP and document wether or not it's secure?
    Any way to sniff for WEP keys, or to brute force attack a WEP session? If
    there is, how hard is it to set up? How much of a risk of a wireless
    connection with WEP enabled to be comprimised other than a dedicated, brute
    force attack?

    Any information is greatly appreciated.

    Cesar

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------


  • Next message: Francisco Araujo: "FW: SMTP Survey"

    Relevant Pages

    • RE: [Full-Disclosure] Wireless ISPs
      ... If they put WEP in, that's one more thing for customer to do and they'll ... Therefore end-user security ... Im using this venue to influence several wireless ISPs ... >> All transactions done via secure websites are ...
      (Full-Disclosure)
    • Re: A home computer is a forensic evidence room
      ... A security plan that first covers recovery, and data protection is key. ... Anyone within range of your wireless transmission could connect to your network and use it or capture your computing sessions. ... reset the wireless router to factory: press and hold reset 20 seconds. ...
      (alt.2600)
    • Re: Wi-Fi: Essential Checklist
      ... email and passwords that are sniffable via wireless ... treated in the same way when dealing with security. ... I have 5 VPN clients on my Verizon XV6700 cell phone running Windoze ... Most modern laptops will boot from USB, ...
      (alt.internet.wireless)
    • Re: wireless network security best practice?
      ... >> look at the type of traffic you're running on your wireless network, ... >> both in terms of security sensitivity and traffic volume. ... >> One of the big issues with wireless is that your radio waves from your ... >> at a time to gather enough data to crack my 128 bit WEP code. ...
      (comp.os.linux.networking)
    • Re: WAP or WEP
      ... networked computers, printers, etc have to share the same level of encryption? ... No Security ... The documentation of your Wireless devices (Wireless Router, ... WEP, to whole system must be configured to WEP. ...
      (microsoft.public.windowsxp.network_web)