802.11b security

[zykur]

Is there a way to tell if someone is war driving in my network area? Would it be safe to assume the I would see their name come up as available wireless networks on my system?
I understand most of the other security conceps but am unsure if an attacker could remain invisable and still access a remote network.
Thanks,
z

[KorpDeath]

Yes. There is. It's MAC address would show up.

If you use the same brand hardware then the Mac addresses should have the same UID (manufacturers number, the first six(?) numbers in the MAC address).

[zykur]

So would it be safe to say if nothing shows up on the list of available networks nobody is accesing mine?
Thanks,
Z

[KorpDeath]

Pretty much. If you see no errant MAC addresses then you are good to go.

Depending on the wireless product you hcose you should be able to lock it down so it only accepts MAC addresses that you assign it. In other words if the MAC address that tries to connect is not one you assigned it will not give it access. Keep in mind you are still open to MAC address spoofing but it makes it much more difficult to do so since they(war drivers) have no idea of what MAC addresses are allowed.

Hope this helps.

[souleman]

Actually, with some of the newer war driving software, the war driver doesn't show up at all. It doesn't actually send any messages, just listens. Kinda like installing a sniffer.

[KorpDeath]

Well a sniffer is something completely different. That's why with wireless you should always use a VPN.

Take our setup for instance. We have a DSL connection to the internet, All wireless users have Internet access to start, but if they want to acces the corporate net they must install the VPN client to tunnel back through tthe internet to our VPN gate. Of course I'm simplifying ever so slightly but you get the jist of the concept.

Always treat wireless as suspect, never trust it.

[rootman147]

Not really the place but I can't seem to find this info. Which is faster for a web server? SDSL? ADSL? Cable? is it worth it to get T1? How much does that cost?

[PastyPyro]

Does anyone have some good reading on using and securing 802.11b? I'd like to learn more about it and haven't had luck finding any good articles that really explain the thing.

[Aryoche]

You could try this link to get you started. TI has some interesting whitepapers, but they require you to register to get access to them.

http://techupdate.zdnet.com/techupdate/filters/specialreport/0,14622,6022247,00.html

Lots of commentary there, but if you look, there's typically links to references and/or outside sources.

Here's a link to the whitepaper's section:

http://researchcenter.zdnet.com/data...s_10_34_4_2_np

As was said earlier, one of the better ways to secure a Wlan is to utilise WVPN's.

edit: Oops, forgot to post the ling to the TI whitepapers I mentioned:

http://focus.ti.com/docs/apps/catalo...igationId=5245

-Aryoche

[draziw]

Originally posted here by PastyPyro
Does anyone have some good reading on using and securing 802.11b? I'd like to learn more about it and haven't had luck finding any good articles that really explain the thing.

Very, very basically... you should sandbox the WAP from the rest of your network and "secure" it with an ESSID and some sort of encryption key (this key should also be changed VERY regularly - it's not as tough to break in to them as most wireless manufacturers and/or vendors would like you to believe).

Lastly, and this is easily one of the most important pieces , no access should be allowed from that sandboxed WAP off on to any other portion of the network (including the sandboxed area) that doesn't come across a good VPN (preferably one with manually exchanged client-side/server-side certificates). I'd equate any "touchdown" area for a wireless network to any other DMZ, except even less secure.