On Sat, Mar 9, 2013 at 4:25 PM, Robert Portvliet <[email protected]> wrote: > When you say WPA/WPA2, are you using PSK or EAP for authentication? If EAP, > what EAP type will be in use? (PEAP, EAP-TTLS, EAP-TLS, etc.). Attack > vectors vary significantly based on this.
AFAIK, EAP-TLS. I assume this 3rd network (for > external people), will be firewall/VLAN segregated once it hits your wired > network, but are these servers you speak of used by your internal employees > as well? Correct. > > On Sat, Mar 9, 2013 at 7:36 AM, C. L. Martinez <[email protected]> wrote: >> >> On Sat, Mar 9, 2013 at 3:48 AM, Doug Chesterman >> <[email protected]> wrote: >> > Are you talking about auditing the wireless portion of the network or >> > monitoring it with a (W)IDS/IPS? >> > >> > There are commercial WIDS/WIPS, Motorola makes Air Defence and there are >> > others as well. >> > >> > How you audit your wireless network will depend on the risks that >> > wireless pose to your organization and how they are being managed. >> > >> > The security of your APs is not the only risk, you may want to also >> > think about the configuration of wireless devices and whether they can >> > associate with an attacker's rogue AP. >> > >> > Do you monitor for people in your org who connect their own consumer >> > wireless router? >> > >> > Doug >> > >> >> >> Two of these AP will be used by internal users to onnect their mobile >> phones and tables. The other AP will be used by external people to >> connect to some servers in our internal infrastructure. The real risk >> is with this third AP: we want to monitor all connections in this AP, >> and control in all AP, that WPA/WPA2 is not cracked, for example. To >> reach this state, previously we want to delimit all risks: cracking >> WPA/WPA2, checking firewall rules are ok, IDS monitors and trigger >> correct alerts .... >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
