RE: Wireless access

From: Robert Mezzone (Robert.Mezzone_at_PJSolomon.Com)
Date: 03/26/04

  • Next message: Glenn English: "Re: Public Web server Help" 
    To: security-basics@securityfocus.com
Date: Fri, 26 Mar 2004 16:42:16 -0500

    How do you handle wireless network security in a corporate environment? A
    couple of the people here want me to setup a wireless network so visitors
    can setup there laptop in a conference room, or anywhere in the office and
    connect to the network, internet not our internal network. I'm not to
    comfortable with this idea but I don't have the final say. It sounds like I
    would have to leave MAC access control turned off, or obtain the users MAC
    address then enter it into control list, and also provide the visitor with
    the SSID and the WEP password. Am I correct in this assumption. Wireless
    networking was suppose to make things easier in their eyes. Unless I leave
    everything wide open it's probably easier to plug an Ethernet cable in the
    PC.

    -----Original Message-----
    From: Peter Martin [mailto:Peter.Martin@macquarie.com]
    Sent: Friday, March 26, 2004 12:45 AM
    To: Paul John Summers; security-basics@securityfocus.com
    Subject: RE: Wireless access

    Most, if not all wireless access points and/or routers will have built-in
    MAC access control. Usually very simple - just turn it on and add the
    addresses you wish to allow access.

    The problem is, like you said, that it is very easy to spoof a MAC address
    and get around this security. However, for home users, setting an SSID (and
    NOT something recognisable like "John Smith Home Internet Share"), turning
    on WEP (or WPA if the devices support it) encryption with a non-easily
    guessed password, and setting MAC access control; should be more then enough
    for a user to feel safe.

    Regards,
    Peter Martin
    Network Engineer

    -----Original Message-----
    From: Paul John Summers [mailto:paul_john_summers@hotmail.com]
    Sent: Friday, 26 March 2004 6:27 AM
    To: security-basics@securityfocus.com
    Subject: RE: Wireless access

    And addendum to that question, do any wireless routers contain tools so that
    you can block all but specific hardware addresses? That is, my home wireless
    router would block all but my hardware address, much like hard-wired
    networks often require registration of hardware addresses before allowing a
    new system to access it. I do believe there are methods of spoofing hardware
    addresses but that aside, do wireless routers have capabilities for this

    sort of thing that a home user could easily administer to better secure
    their home network?

    Disclaimer: I'm also a newbie so please forgive any misconceptions or false
    assumptions!

    From: "Bruyere, Michel" <mbruyere@ezemcanada.com>
    To: security-basics@securityfocus.com
    Subject: Wireless access
    Date: Thu, 25 Mar 2004 08:36:05 -0500

    Hi,
            I have a user who uses a wireless network at home. He just asked
    me
    (it's a director) to find a way to avoid his laptop (Toshiba tecra
    running
    XP Pro) connecting on the neighbor's router instead of his. He has a
    D-Link
    614+, I don't know this model at all so I'm asking you guys if you know
    a
    way to restrict his laptop to only HIS router.

    As you can see, I'm not very familiar with Wireless :/

    Thanks for any inputs

    M.Bruyere
    Network/systems administrator
    CompTIA A+, Network+

    ------------------------------------------------------------------------ 

    ---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the 
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
_________________________________________________________________
Get rid of annoying pop-up ads with the new MSN Toolbar - FREE! 
http://toolbar.msn.com/go/onm00200414ave/direct/01/
------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: Glenn English: "Re: Public Web server Help"

    Relevant Pages

    • RE: Wireless Audit Cost
      ... "complete analysis" - to me this means that a full audit of both ... the wired and wireless networks is taking place. ... network off the internal LAN. ... >network has the usual security measures in place, ...
      (Pen-Test)
    • RE: Wireless access
      ... To setup wireless to allow guests to access the network while authorized ... employees can access your corporate network, you will need to setup VLANs ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Wireless security question...
      ... > related to wireless security. ... to the computer on that network that's a little different, ... Can this hacker take control of the wireless laptop? ... but it depends on the security running on said laptop..if they have ...
      (Security-Basics)
    • Re: Wi-Fi: Essential Checklist
      ... I prefer, and heartily recommend, regardless of wireless encryption, ... the most basic and easist form of security, which in this case is WPA. ... Is it access to the network? ... will protect your network from sniffing. ...
      (alt.internet.wireless)
    • Re: Using a home T-1 line to evade company filtering
      ... installing the wireless card would ... network policy - if you had, you would know that most companies don't ... allow employees to bring in their own computers for security reasons. ...
      (comp.security.firewalls)