ssh - AN Security, Authentication, and more...

From: Alvin Oga (
Date: 05/11/04

    To: (James Kelly)
    Date: Tue, 11 May 2004 08:01:41 -0700 (PDT)

    hi ya

    > tom jones wrote:
    > | Hello,
    > | 1. Security Controls
    > | What have you seen / implemented as a standard for
    > | wireless security? I know LEAP is out of the question
    > | due to the dictionary attack vulnerability. Possibly
    > | PEAP or some other 802.1x standard?
    > If you are in an environment which needs to be highly secured, you may
    > want to use something like IPSec.

    > | Authentication - I usually see authentication through
    > | the DMZ to a back end Radius or Active Directory
    > | server. Any other options?
    > I have heard good things about NoCatAuth, although I have not used it
    > yet. Maybe others on the list can comment on that.

    dumb question:
            what's wrong with simple ssh logins for "authentication" ?

            laptop ssh's into the linux-based-access-point with only sshd

    > | 2. How have you deterred users from using their
    > | laptops at the local coffee shop?

    imho, i'd add colos, vpns and hotels to the list

    as someone else ( next to you ) can follow you into
    the secure corp network from an insecure colo/starbucks/home

    > I understand the need to be secure, but I think this is being over
    > paranoid.

    it's not an issue until the cracker happens to read "somebody important's"
    email or passwd or see the contents of their disks

    > As long as you can assure the connection is secure,

    that's the whole point .... wireless is completely insecure and cracked

    > | 3. Rogue Wireless Detection - I have done much
    > | reading on this subject and would like to know how you
    > | all tackle this issue. Some suggest cool toys like
    > | AirDefense, etc. Others suggest some sort of MAC
    > | monitoring on switches/routers.
    mac address is worthless and is reconfigurable

    > I am a fan of walking
    > | around with Kismet every few weeks. The major issue I
    > | have encountered with walking around is the problem of
    > | neighboring buildings (in a downtown environment).

    and you find interesting stuff ??

    > | It's easy enough to find the APs you know about, but
    > | finding a rogue AP connected to your network becomes a
    > | challenge with all of the other APs popping up.

    and if you break into one ap, you can probably break into
    other equivalent AP since it's around by the gazillions
    and is made by a handful of manufacturers all using
    bad defaults

    have fun
