Theoretical attack:

You have a person who is important who works inside a company on a
laptop. This laptop accepts incoming beacons from any AP and is
vulnerable to the driver exploitation attacks that we've seen. Even
if that laptop is operating over a VPN or a case where there isn't
direct access in just by hopping, the attacker could use the shell and
install a rootkit on the exploited system. From there, the attacker
could steal soft tokens installed on the machine and use a keylogger
to steal password authentication.

Realistically, if you have a shell on a computer with kernel context,
you can do pretty much anything that other users on that computer can
do, right?

Or am I wrong?

On 8/11/06, Roy Atkinson <roy.atkinson (at) jax (dot) org [email concealed]> wrote:
> Actually, the most common setup I've seen is the one we use. Our
> 802.11x network is wide open, campus-wide, and set up as part of our
> "Visitor VLAN." That VLAN does not have access to any internal
> resources, but allows visitors to connect to the Internet. We also
> provide our employees who have laptops with VPN clients, and the VPN
> is required for all internal access--intranet, email, servers, etc.
> We also have 2 WPA2 networks under construction to support other
> wireless devices.
>
> So, you can be in any of our conference rooms, auditoriums, lobbies,
> etc. and get good wireless connectivity, but you can't get internal
> resources without RADIUS authentication.
>
>
> On Aug 11, 2006, at 8:23 AM, Radoslav Dejanoviæ wrote:
>
> > On Thursday 10 August 2006 17:11, Howard Oakley wrote:
> >>> This IS really bad for companies, for they can throw away their
> >>> security measures if all it takes to get the data is a vulnerable
> >>> computer reachable from the car parked outside the well guarded
> >>> building.
> >>
> >> How many corporates actually use wireless networking inside their
> >> firewalls etc.?
> >
> > A LOT!
> >
> > Speaking from my experience, of course.
> > There are mostly two cases in play:
> >
> > a) the company decides they do need wifi access for any reason;
> >
> > b) some manager discovers that there's a way to avoid plugging
> > ethernet
> > cable into the notebook every time (s)he returns to office.
> >
> > Point b is troublesome one. If a company decides they want to use
> > wireless,
> > they would probably have done it correctly, either by having their IT
> > department plan and deploy, or by outsourcing this to some IT company.
>
> ________________________
> Roy Atkinson
> Lead Technical Support Specialist
> IT Department
> The Jackson Laboratory
> 600 Main St.
> Bar Harbor, ME 04609
> 207-288-6665
>
>

--
Sam Pierson

[ reply ]