Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: corp wireless defence

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    35

    Default corp wireless defence

    we have a number of users who are not office based, to make things easier for them they they are allowed to connect to ad-hoc networks and non preferred networks.

    we also have had a few issues with rouge access points, some are from inside the office and some are from near by hotels

    The main problem i have is with the rouge access points has anyone got a good solution to block the access points ? as we cant set the laptops to only connect to preferred networks etc

  2. #2
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by o0hex0o View Post
    we have a number of users who are not office based, to make things easier for them they they are allowed to connect to ad-hoc networks and non preferred networks.

    we also have had a few issues with rouge access points, some are from inside the office and some are from near by hotels

    The main problem i have is with the rouge access points has anyone got a good solution to block the access points ? as we cant set the laptops to only connect to preferred networks etc
    The whole point of a rogue access point is to pretend to be a good access point. Kinda hard to block one without blocking the other.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    Force ALL traffic via VPN.

    I'm forced to use ATT VPN in work and the latest client has an option to connect to a AP and then start are VPN connection before even login into Windows.

  4. #4
    Junior Member
    Join Date
    Nov 2008
    Posts
    35

    Default

    VPN could be a good solution and i will look in to this

    i was thinking i may be able to try to connect to the rouge access points and use up all the DHCP addresses
    Our current APs require a device cert to connect so they would not be affected.

  5. #5
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    Default

    VPN is the *only* solution. Also, don't fall lower than WPA2.

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by o0hex0o View Post
    VPN could be a good solution and i will look in to this

    i was thinking i may be able to try to connect to the rouge access points and use up all the DHCP addresses
    Our current APs require a device cert to connect so they would not be affected.
    So this is local?
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by o0hex0o View Post
    VPN could be a good solution and i will look in to this

    i was thinking i may be able to try to connect to the rouge access points and use up all the DHCP addresses
    Our current APs require a device cert to connect so they would not be affected.
    I think you need to define rogue.

    A rogue would be either a malicious AP that's intended to interfere with your network, or an AP that someone has in their office that is not officially sanctioned by the IT department.

    A rogue is not a neighbor that has their own AP and is using it in normal legal means. You'd have no right to interfere with someone else using their AP in a normal legal matter.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by streaker69 View Post
    I think you need to define rogue.

    A rogue would be either a malicious AP that's intended to interfere with your network, or an AP that someone has in their office that is not officially sanctioned by the IT department.
    And if it fits the definition as streaker outlined, then you ought to be more proactive about finding and disabling the rogues. After all, they are then malicious or unsanctioned devices on YOUR network.

    A baseball bat is an effective countermeasure for disabling rogue APs.
    Thorn
    Stop the TSA now! Boycott the airlines.

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by Thorn View Post
    And if it fits the definition as streaker outlined, then you ought to be more proactive about finding and disabling the rogues. After all, they are then malicious or unsanctioned devices on YOUR network.

    A baseball bat is an effective countermeasure for disabling rogue APs.
    I find just ripping them out of the wall works well too.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  10. #10
    Member
    Join Date
    Sep 2008
    Posts
    146

    Default

    I have a feeling that what he means by rogue is people trying to phish connections from their workers with AP names like "Free WiFi" If that is the case then there really isnt anything you can do besides jamming those channels that will stop your employees from connecting to outside networks. Thats not really a viable option...

    If by rogue you mean APs that are un authorized and CONNECTED to your network, the baseball bat option seems best.

    If however you mean an evil, or spoofed AP (one created to be a clone of your corperate AP, same BSSID and ESSID) then you could probably get the cops/FBI involved since I believe that constitutes unauthorized wiretapping.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •