Wireless Vendor Woes and Shame
Results 1 to 2 of 2

Thread: Wireless Vendor Woes and Shame

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    712

    Post Wireless Vendor Woes and Shame

    Catching up on this month's FW Wiz... semi-intriguing...

    Wireless Vendor Woes and Shame by Ron DuFresne

    (and yes, the pringles can thing is in there... LOL)


    [...]

    Alan pointed out the severity of the "problem" in just our local area by
    mapping out not only many private home wireless deployments, also
    various corporate ones as well as some local government AP's <wireless
    access points>, many without even WEP enabled, but found at least one
    highly visible federal government contractor with a wireless AP deployed,
    again, *without* even WEP enabled![1] This even after the 9/11 attacks
    and recent supposed focus upon security.

    Of course, even with WEP enabled, the way the 802.11b protocol is setup
    and the fact that it's spewed into the airwaves means that valuable
    network information is leaked in just the management packets. SSID's, IP
    address info, and more can be gleaned from only management packets.
    There is no protection from passive sniffing of these packets due to
    network segmenting and the concept is pretty much not applicable to
    wireless Ethernet transmissions. Additionally, neither speaker mentioned
    there are known weaknesses in the SNMP implementations of many of these
    devices subjecting them to further exploit wireless networks via less
    passive intrusion and DDOS attempts.

    [...]
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  2. #2
    Junior Member
    Join Date
    May 2002
    Posts
    1
    This is a topic I work intimately with every day. To summarize my opinion on the business problem without even addressing the technical problems:

    at the office

    Most companies have wireless networks for convenience instead of business need. Because it is cheap and easy to purchase and setup, many wireless APs are installed not by the local administrators, but users who donít implement the security features of the products. The administrators sometimes donít know they are there. This is the same problem we had years ago with people installing modems on their PCs to dial-in after work. War dialing now has become war driving. Companies with secure networks and good security policies are unknowingly being put at risk by employees who want to drink their coffee on the bench outside and surf the web.

    at home

    Many people install an AP at home because it is quicker and easier than running CAT 5 through their house. Since they feel they have no corporate data to protect, they donít apply the security features of the devices. What they donít think about is that their account numbers and name of the bank(s) are probably on their Quicken they use to balance their checkbook. Anyone can associate with their AP and get on their network, or just sniff this information out of the air if they are close enough. Further, some people are supplied laptops from their office. This may have corporate intellectual property or sensitive information on it. There may be a policy against wireless at the office, but you can take your laptop home. There it is vulnerable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides