Wireless Security
WPA2 Security question Nov 07 2010 02:52PM
Avi Shvartz (avishvartz1 yahoo com) (3 replies)
Re: WPA2 Security question Nov 08 2010 01:11PM
Joshua Wright (jwright hasborg com) (1 replies)
RE: WPA2 Security question Nov 08 2010 05:39PM
Raggo Michael-TCK748 (Mike Raggo motorola com)
In addition to Josh's great points, a mature WIDS/WIPS will allow you to
detect extrusions as well (e.g. tablet accidental association to a
neighboring or malicious AP).

In addition, the WIDS/WIPS should allow you to detect Windows 7 Virtual
WiFi available in all PC (and tablet in this case) versions of Windows 7
(Starter thru Ultimate). If someone was crafty enough, they could easily
go to the DOS prompt and enable this, and use the Virtual WiFi to share
your wireless out to unauthorized users, with a weaker scheme (e.g.
WPA-PSK or weaker). Effectively making their Tablet PC a Rogue AP...

- Mike

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Joshua Wright
Sent: Monday, November 08, 2010 8:11 AM
To: wifisec (at) securityfocus (dot) com
Subject: Re: WPA2 Security question

On 11/7/2010 9:52 AM, Avi Shvartz wrote:
> A big finance organization is considering to equip some workers in the
> with mobile TABLET devices (WIN 7 based) and using WiFi communication
> the branch only).
> My initial thought about the network is to use:
> - WPA2 Enterprise: CCMP/AES with RADIUS authentication (not PSK).
> - Decent firewall & IPS between the Access Point and the internal
> - Implement 802.1x within the internal network for any device that will slip
> through.
> - MAC filtering (I know.. spoofable.. hard to maintain.. but

Instead of working with MAC filtering, I'd follow Rick's advice and
invest in a Wireless IDS. The WIDS will provide a lot of added benefit,
not the least of which is helping you identify when a new, previously
unrecognized MAC address is observed on the network. A lot of WiFi
attackers will start with their natural address for recon and basic
attacks before changing their MAC for more advanced attacks. This gives
you an opportunity to identify some information about the attacker,
which could also be useful for later forensic analysis as well.


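The three checks raised in this thread (a previously unrecognized MAC on the network, a managed tablet associating to a neighboring AP, and an unauthorized AP such as a tablet sharing its connection), sketched as baseline comparison logic. This is an added example, not part of the original messages or of any WIDS product; the inventory, MAC addresses, record layout and function names are constructed for illustration.

```python
from collections import OrderedDict

# Constructed baseline: the APs and client devices the organization manages.
AUTHORIZED_APS = {"00:11:22:aa:00:01"}
AUTHORIZED_CLIENTS = {"00:11:22:bb:00:10", "00:11:22:bb:00:11"}
REQUIRED_SECURITY = "WPA2-Enterprise"

# Constructed sensor observations:
# (time, frame kind, transmitter MAC, BSSID, security advertised by that BSSID)
OBSERVATIONS = [
    ("09:00:01", "assoc", "00:11:22:BB:00:10", "00:11:22:aa:00:01", "WPA2-Enterprise"),
    ("09:02:17", "assoc", "de:ad:be:ef:00:99", "00:11:22:aa:00:01", "WPA2-Enterprise"),
    ("09:02:40", "assoc", "de:ad:be:ef:00:99", "00:11:22:aa:00:01", "WPA2-Enterprise"),
    ("09:05:33", "assoc", "00:11:22:bb:00:11", "66:77:88:cc:00:02", "Open"),
    ("09:07:12", "beacon", "02:11:22:bb:00:10", "02:11:22:bb:00:10", "WPA2-PSK"),
]

def classify(obs):
    """Return the alert type for one observation, or None if it matches the baseline."""
    _, kind, tx, bssid, _ = obs
    tx, bssid = tx.lower(), bssid.lower()
    if kind == "beacon" and bssid not in AUTHORIZED_APS:
        return "unauthorized_ap"      # e.g. a client device sharing its connection
    if kind == "assoc" and tx in AUTHORIZED_CLIENTS and bssid not in AUTHORIZED_APS:
        return "extrusion"            # managed device joined a foreign AP
    if kind == "assoc" and tx not in AUTHORIZED_CLIENTS and bssid in AUTHORIZED_APS:
        return "unknown_station"      # new MAC seen on the managed network
    return None

def detect(observations):
    """One alert per (type, MAC), keeping the first-seen time for later forensics."""
    alerts = OrderedDict()
    for obs in observations:
        alert = classify(obs)
        if alert is None:
            continue
        key = (alert, obs[2].lower())
        if key not in alerts:
            alerts[key] = {"type": alert, "mac": key[1], "bssid": obs[3].lower(),
                           "first_seen": obs[0], "count": 0,
                           "weak_security": obs[4] != REQUIRED_SECURITY}
        alerts[key]["count"] += 1
    return list(alerts.values())

if __name__ == "__main__":
    for a in detect(OBSERVATIONS):
        print(a)
```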
Re: WPA2 Security question Nov 07 2010 11:30PM
Richard Farina (sidhayn gmail com)
Re: WPA2 Security question Nov 07 2010 05:24PM
Grant Moerschel (gm wavegard com)
Copyright 2010, SecurityFocus