Thanks for all the good info about wireless security. I have one philosophical comment, one semi-technical comment, and one question:
Philosophical: It amazes me that companies (especially small companies) don't want to hear about their security vulnerabilities. I see that a lot too. It means your business plan will have to include a lot of up front salesy type stuff to convince people that they really have a problem. Semi-technical: As you mentioned, WEP is quite crackable. Some people in the industry are outraged that the IEEE let it out the door. See this good WEP FAQ from UC Berkeley: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html Question: Is Cisco's LEAP better than WEP? Does it have the same purpose but without some of the issues? I should know this, but I don't use Cisco for wireless (shame, shame). Thanks for all your excellent advice. Priscilla At 12:02 PM 6/25/02, Stephen Manuel wrote: >Neil and others, > >Recently I installed in my home a linksys wireless router/switch/ap, it >works great, yes I have wep enabled. > >After installing the equipment, I became really interested in wireless >networking, reading some books, looking for a certification track, scouring >websites, etc... > >I downloaded netstumbler and acquired all the necessary equipment to do some >serious wardriving. I've logged over 300 AP's, mapped them using Stumverter >and MS Mappoint 2002, it gets down to what side of the street the AP was on, >just to add a little spice to the situation, I've got netstumbler to play a >.wav file when it finds an AP. > >Amazingly, 75% of the AP's I've found don't have web enabled. A rather large >number of the AP's use the company name as the SSID or use the vendor >default SSID, ie. tsunami for Cisco. > >I'm convinced this whole area of wireless networking is wide open to be >farmed for business. I've been trying formulate a business plan to approach >businesses to help them install a wireless infrastructure properly and setup >security measures for those companies already in the wireless business >without implementing security. > >What my research has shown me so far is that without upper managements >support for strict policies with regards to the installation of AP's the >company is playing a game of russian roulette because the current Wireless >Implementation is FULL of security holes. > >Depending on how much security you want to implement here's what I would >recommend. > >Enable WEP - however airsnort a linux utility can crack wep in a relatively >short time > >Disable the SSID Broadcast - most AP's have this option, this will prevent >netstumbler from picking up the presence of the AP which makes it a little >more difficult to associate with the AP. Kismet is a linux utility that will >still detect the presence of the AP by passively sniffing for the wireless >packets. > >MAC Filtering - enable it but most AP and Wireless cards allow you to spoof >the MAC address, meaning a wireless sniffer like ethereal can sniff out a >few MAC addresses and a hacker can use one to gain access. > >Place the AP outside of the firewall > >Create VPN access for those wireless clients needing access to internal >servers. > >I'm sure others have done work in this area and can add to the discussion. > >BTW, interesting enough the first 3 companies I approached about the >unsecure AP's, 1 denies having wireless networking installed, 2 ignored me. > >HTH, > >Stephen Manuel > > > > >----- Original Message ----- >From: "Neil Borne" >To: >Sent: Tuesday, June 25, 2002 8:52 AM >Subject: Re: Rogue Wireless LANs [7:47287] > > > > The problem that I am coming accross is that some of my customers take the > > wireless gear outta the box and plug it in and when they figure that work > > with factory defaults they leave it alone....then all of a sudden someone > > pulls up in the front yard and starts snooping around. > > > > One thing you can do is WEP and depending on the vendor try some filtering > > by mac, ssid, or protocol... > > > > > > You will have do some serious lockdown measures when its a internal user >as > > opposed to outside users....... > > > > > > But like the last email stated if things get bad use netstumbler but be > > careful from the last I heard it works with only some wireless cards... > > > > > > >From: "Patrick Donlon" > > >Reply-To: "Patrick Donlon" > > >To: [EMAIL PROTECTED] > > >Subject: Rogue Wireless LANs [7:47287] > > >Date: Mon, 24 Jun 2002 11:48:48 -0400 > > > > > >I've just found a wireless LAN set up by someone in the building, I found > > >it > > >by chance when I was checking something with a colleague from another >dept. > > >The WLAN has zero security which is not a surprise and lets the user into > > >the main LAN in the site with a DHCP address served up too! Does anyone > > >have > > >any tips on preventing users and dept's who don't think about security >from > > >plugging whatever they like into the network, > > > > > >Cheers > > > > > >Pat > > > > > > > > > > > >-- > > > > > >email me on : [EMAIL PROTECTED] > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp. ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47396&t=47287 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]