RE: Wireless access

• Previous message: Dpto. de Internet- Jose J. Pedrajas: "Fw: Wireless: 802.11 - FHSS systems"
• In reply to: Robert Mezzone: "RE: Wireless access"
• Next in thread: Joe Thompson: "RE: Wireless access"
• Reply: Joe Thompson: "RE: Wireless access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Robert Mezzone <Robert.Mezzone@PJSolomon.Com>
Date: Fri, 26 Mar 2004 17:43:00 -0700

If it's only for visitors, I would suggest getting an inexpensive
wireless router. Give it its own public IP and have it go out onto the
Internet completely separate from your corporate network. Make sure
though, if you have mobile users that have built-in wireless that they
don't have it turned on while in the office, otherwise you'd create a
gateway onto your network without knowing it.

Kenton

On Fri, 2004-03-26 at 14:42, Robert Mezzone wrote:
> How do you handle wireless network security in a corporate environment? A
> couple of the people here want me to setup a wireless network so visitors
> can setup there laptop in a conference room, or anywhere in the office and
> connect to the network, internet not our internal network. I'm not to
> comfortable with this idea but I don't have the final say. It sounds like I
> would have to leave MAC access control turned off, or obtain the users MAC
> address then enter it into control list, and also provide the visitor with
> the SSID and the WEP password. Am I correct in this assumption. Wireless
> networking was suppose to make things easier in their eyes. Unless I leave
> everything wide open it's probably easier to plug an Ethernet cable in the
> PC.
>
> -----Original Message-----
> From: Peter Martin [mailto:Peter.Martin@macquarie.com]
> Sent: Friday, March 26, 2004 12:45 AM
> To: Paul John Summers; security-basics@securityfocus.com
> Subject: RE: Wireless access
>
> Most, if not all wireless access points and/or routers will have built-in
> MAC access control. Usually very simple - just turn it on and add the
> addresses you wish to allow access.
>
> The problem is, like you said, that it is very easy to spoof a MAC address
> and get around this security. However, for home users, setting an SSID (and
> NOT something recognisable like "John Smith Home Internet Share"), turning
> on WEP (or WPA if the devices support it) encryption with a non-easily
> guessed password, and setting MAC access control; should be more then enough
> for a user to feel safe.
>
> Regards,
> Peter Martin
> Network Engineer
>
> -----Original Message-----
> From: Paul John Summers [mailto:paul_john_summers@hotmail.com]
> Sent: Friday, 26 March 2004 6:27 AM
> To: security-basics@securityfocus.com
> Subject: RE: Wireless access
>
>
> And addendum to that question, do any wireless routers contain tools so that
> you can block all but specific hardware addresses? That is, my home wireless
> router would block all but my hardware address, much like hard-wired
> networks often require registration of hardware addresses before allowing a
> new system to access it. I do believe there are methods of spoofing hardware
> addresses but that aside, do wireless routers have capabilities for this
>
> sort of thing that a home user could easily administer to better secure
> their home network?
>
> Disclaimer: I'm also a newbie so please forgive any misconceptions or false
> assumptions!
>
>
> From: "Bruyere, Michel" <mbruyere@ezemcanada.com>
> To: security-basics@securityfocus.com
> Subject: Wireless access
> Date: Thu, 25 Mar 2004 08:36:05 -0500
>
> Hi,
> I have a user who uses a wireless network at home. He just asked
> me
> (it's a director) to find a way to avoid his laptop (Toshiba tecra
> running
> XP Pro) connecting on the neighbor's router instead of his. He has a
> D-Link
> 614+, I don't know this model at all so I'm asking you guys if you know
> a
> way to restrict his laptop to only HIS router.
>
> As you can see, I'm not very familiar with Wireless :/
>
> Thanks for any inputs
>
> M.Bruyere
> Network/systems administrator
> CompTIA A+, Network+
>
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----
>
> _________________________________________________________________
> Get rid of annoying pop-up ads with the new MSN Toolbar - FREE!
> http://toolbar.msn.com/go/onm00200414ave/direct/01/
>
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
>
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Dpto. de Internet- Jose J. Pedrajas: "Fw: Wireless: 802.11 - FHSS systems"
• In reply to: Robert Mezzone: "RE: Wireless access"
• Next in thread: Joe Thompson: "RE: Wireless access"
• Reply: Joe Thompson: "RE: Wireless access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]