Re: Wireless security question
From: Michael Puchol (mpuchol_at_sonar-security.com)
Date: 12/24/04
- Previous message: FocusHacks: "Lots of incoming traffic on UDP 1026 and UDP 1027?"
- In reply to: Rob McShinsky: "RE: Wireless security question"
- Next in thread: Gross Barry D.: "RE: Wireless security question"
Date: Fri, 24 Dec 2004 08:59:33 +0100
To: security-basics@securityfocus.com
Hi Rob,
Just FYI, Netstumbler scans by sending probes, and some APs are
configured not to respond to probes (some Intel ones for example do this
by default) - this means Netstumbler won't see those. If you are going
to scan for security, and not for fun (wardriving, for example), I
recommend Kismet, and if you have the budget, AiroPeek NX or AirMagnet -
they are tailored to provide specific alarms to situations you can define.
As for the matter at hand, I would harden GPs as you mention regarding
hardware and network rights.
Another thing you could do is disable the TCP/IP stack in the wireless
adapter's configuration; that would certainly sterilize it.
Best regards,
Mike
mother@netstumbler.com
Rob McShinsky wrote:
> If you have a Windows Domain and these machines are on that domain, you can
> put a Group Policy in place that will disable the computer's ability to
> bridge connections, share connections, etc... Doing regular sweeps with a
> product like netstumbler throughout your facilities can also find your
> problem machines. These along with a known written company policy should
> cover the company legally at least.
>
> Rob
>
> -----Original Message-----
> From: Steve [mailto:securityfocus@delahunty.com]
> Sent: Wednesday, December 22, 2004 5:56 PM
> To: Marty; Sec Basic
> Subject: Re: Wireless security question
>
> Policy against wireless, including cards. Remove his wireless card.
>
> One risk you have is his laptop latching on to hostile networks, ones with
> worms/viruses, as well as the threat you note.
>
>
>
> ----- Original Message -----
> From: "Marty" <groupecci@yahoo.ca>
> To: "Sec Basic" <security-basics@securityfocus.com>
> Sent: Wednesday, December 22, 2004 11:57 AM
> Subject: Wireless security question
>
>
> Hi gang!
>
> Here is a question for you...
>
> We have a secure network with no wireless
> connections whatsoever.
>
> One of our laptops came in with credentials to log
> on to the network through the Ethernet cable BUT
> the person had just added a wireless card to his
> laptop.
>
> This situation actually came up and the person
> could see external wireless networks (from other
> companies around our building) and access
> Internet through there. Yeah I know they're
> stupid, but it's the real world!
>
> This seems like a potential threat for taking our
> data out the back door.
> Copy files accessed through our network to
> another network and voilà! No trace at all of the
> mischief.
>
> We monitor internet access and block non-company
> Email (Yahoo, Hotmail etc.).
>
> Suggestions?
>
> Thanks and Happy Holidays!
>
> Marty!
>
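The point in the reply above about probe-based scanning missing APs that do not answer probes, shown as an added example that is not part of the original thread: a passive survey that reads beacon frames and lists the BSSIDs a probe-only sweep would not report. It assumes raw 802.11 management frames without a radiotap header; the function names and the sample frames are constructed for illustration.

```python
import struct

BEACON, PROBE_RESP = 8, 5  # 802.11 management frame subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, bssid, ssid) for a beacon or probe response, else None."""
    if len(frame) < 36:                      # 24-byte header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return None
    bssid, pos, ssid = frame[16:22].hex(":"), 36, ""
    while pos + 2 <= len(frame):             # walk tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break                            # truncated element: stop parsing
        if eid == 0:                         # SSID element; empty or NULs = hidden
            ssid = data.strip(b"\x00").decode("utf-8", "replace")
            break
        pos += 2 + elen
    return subtype, bssid, ssid

def survey(frames):
    """Map BSSID -> {'ssid', 'beacon', 'probe_resp'} over captured frames."""
    aps = {}
    for f in frames:
        parsed = parse_mgmt(f)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        ap = aps.setdefault(bssid, {"ssid": "", "beacon": False, "probe_resp": False})
        ap["ssid"] = ap["ssid"] or ssid
        ap["beacon" if subtype == BEACON else "probe_resp"] = True
    return aps

def passive_only(frames):
    """BSSIDs that beacon but never answered a probe (missed by probe-based scans)."""
    return sorted(b for b, ap in survey(frames).items()
                  if ap["beacon"] and not ap["probe_resp"])

def build(subtype, bssid, ssid):
    """Build a minimal frame; constructed sample data, not a real capture."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    return hdr + b"\x00" * 8 + struct.pack("<HH", 100, 1) + bytes([0, len(ssid)]) + ssid

AP_A, AP_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build(BEACON, AP_A, b"corp"), build(PROBE_RESP, AP_A, b"corp"),
          build(BEACON, AP_B, b""), bytes([0x08]) + b"\x00" * 40]  # last: data frame
```

Comparing `passive_only()` output against the approved AP inventory gives the list of devices a sweep should follow up on.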