Wireless Security
WPA2 Security question Nov 07 2010 02:52PM
Avi Shvartz (avishvartz1 yahoo com) (3 replies)
Re: WPA2 Security question Nov 08 2010 01:11PM
Joshua Wright (jwright hasborg com) (1 replies)
RE: WPA2 Security question Nov 08 2010 05:39PM
Raggo Michael-TCK748 (Mike Raggo motorola com)
Re: WPA2 Security question Nov 07 2010 11:30PM
Richard Farina (sidhayn gmail com)
Avi Shvartz wrote:
> Hello list,
>
> A big finance organization is considering to equip some workers in the branches
> with mobile TABLET devices (WIN 7 based) and using WiFi communication (within
> the branch only).
>
> My initial thought about the network is to use:
> - WPA2 Enterprise: CCMP/AES with RADIUS authentication (not PSK).
> - Decent firewall & IPS between the Access Point and the internal network.
> - Implement 802.1x within the internal network for any device that will slip
> through.
> - MAC filtering (I know.. spooffable.. hard to maintain.. but nevertheless...).
>
> My questions:
> - Any known attacks against WPA2 CCMP/AES & Radius combination ?
>
This is the only attack I know against WPA/Radius. Mostly it is only
attacking misconfiguration but I can think of no better:
http://www.shmoocon.org/2008/videos/PEAP%20Pwned%20Extensible%20Authenti
cation%20Protocol%20-%20Josh%20Wright%20and%20Brad%20Antoniewicz.mp4

Slides are also available all over the web if you google for Josh Wright
Pwning PEAP

You also may wish to consider a Wireless Intrusion Prevention System.
Yes, I am biased (I work for one such company) but the fact remains that
nearly all attacks today revolve around hijacking the clients and a good
WIPS can prevent this (and many more) threats. Might be worth looking
into at least.

Good luck

-Rick Farina
> - Anything I missed in the network layer ?
>
> At the Tablet device:
> - Volume level encryption (keep the key in external USB token).
> - No applications and data in the device (using Citrix client in my case).
> - Remote wipe.
> - Extensive Active Directory GPO usage.
>
> My questions:
> - Anything missing ?
>
>
> Thank you all for your kind answers
>
> Avi
>
>
>
>
>

[ reply ]
Re: WPA2 Security question Nov 07 2010 05:24PM
Grant Moerschel (gm wavegard com)


 

Privacy Statement
Copyright 2010, SecurityFocus