
| Subject: | Re: Wired detection of rogue access points |
|---|---|
| Date: | Thu, 29 Mar 2007 14:21:37 -0400 |
Why is everyone concentrating on MAC filtering..... MAC filters are just a front line first wave deterrent.
There are two main problems here.
One, the administrative difficulties of any MAC based solution quickly outweigh the benefits.
More importantly, Ethernet ONLY has MAC authentication. It doesn't matter that all your legitimate access points are outside the firewall if all your LAN ports are inside and my rogue access point is on one of those.
From that perspective, 802.11 is more secure than 802.3. Even with WEP, one has to expend some effort trying to crack keys. On Ethernet, all one needs is the MAC. Ethernet is wide open, except that it is physically harder to get to than wireless.
Any authentication layered on top of Ethernet cannot stop a motivated attacker unless it authenticates every single packet. That means encryption or at least IPSec AH. All 802.1x does is force an authentication every now and then of the MAC and/or IP address. If one is worried about financially motivated espionage, that is not good enough.
That's why the focus on MAC address is so important. Too many people think that it is way more valuable than it is.
The network is defined in layers. Security must be applied in layers. If you don't understand the security of a given layer, then it must be considered worthless as far as what you know. Assume you know and you're sure to fall.
One can attempt to rebuild the levees protecting New Orleans and hope they'll hold next time, but one must also begin to restore the natural wetlands that used to protect New Orleans before the 20th century. Sure, levees provide some protection, but defense in depth of hundreds of square miles of protection is the only viable long term solution. If the levees reduce the political will to rebuild the wetlands, then they have already failed.
Regards, -- Eric Hacker, CISSP
aptronym (AP-troh-NIM) noun A name that is especially suited to the profession of its owner
I _can_ leave well enough alone, but my criteria for well enough is pretty darn high.
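
The distinction drawn in the message above, between admitting frames by MAC and authenticating every packet, sketched as an added example that is not part of the original message. It is a toy model, not real 802.1X or IPsec AH: the frame layout, key, MAC address and all function and class names are constructed for illustration.

```python
import hashlib, hmac, struct

# All values below are constructed for illustration.
KEY = b"constructed-demo-key"      # shared by the legitimate host and the gateway
GOOD_MAC = "00:11:22:33:44:55"     # MAC of the legitimate host
ALLOWED_MACS = {GOOD_MAC}          # static MAC filter on the port

def icv(key, src, seq, payload):
    """Simplified AH-style integrity check value over source, sequence and payload."""
    msg = src.encode() + struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def mac_filter_accepts(frame):
    return frame["src"] in ALLOWED_MACS

class PortAuth:
    """Authenticate once, then trust the MAC (802.1X as the message describes it)."""
    def __init__(self):
        self.authorized = set()
    def authenticate(self, mac, credential_ok):
        if credential_ok:
            self.authorized.add(mac)
    def accepts(self, frame):
        return frame["src"] in self.authorized

class PerPacketAuth:
    """Verify a keyed ICV and a strictly increasing sequence number on every frame."""
    def __init__(self, key):
        self.key, self.last_seq = key, 0
    def accepts(self, frame):
        expected = icv(self.key, frame["src"], frame["seq"], frame["payload"])
        if not hmac.compare_digest(expected, frame["icv"]):
            return False              # sender does not hold the key
        if frame["seq"] <= self.last_seq:
            return False              # replayed frame
        self.last_seq = frame["seq"]
        return True

def evaluate():
    legit = {"src": GOOD_MAC, "seq": 1, "payload": b"hello", "icv": icv(KEY, GOOD_MAC, 1, b"hello")}
    spoof = {"src": GOOD_MAC, "seq": 2, "payload": b"rogue", "icv": bytes(16)}  # copied MAC, no key
    frames = {"legit": legit, "spoof": spoof, "replay": dict(legit)}
    port, pkt = PortAuth(), PerPacketAuth(KEY)
    port.authenticate(GOOD_MAC, credential_ok=True)
    checks = {"mac_filter": mac_filter_accepts, "port_auth": port.accepts, "per_packet": pkt.accepts}
    return {name: {k: fn(f) for k, f in frames.items()} for name, fn in checks.items()}

if __name__ == "__main__":
    print(evaluate())
```

Both MAC-based checks admit every frame that carries the authorized address, while the per-packet check admits only the frame whose sender holds the key and rejects its replay.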