Detection of Rogue Access Points
On Mon, Oct 15, 2012 at 7:31 PM, Joe Hamelin <joe at nethead.com> wrote:
> Jonathan stated that they have health data on the network and only company
> issued devices are allowed. I would suggest to him that he inventory the
> equipment via MAC address (I'm guessing that it's mostly standard issue
> stuff that would be easy to recognize) and then lock down unused ports and
> set up monitoring. If a new MAC appears on the network, then it better
> have been sent there by IT.
>
I won't argue with that. When no official wireless network is involved, a
MAC whitelist can be very effective. It'll catch any casual user
attempting to homebrew a WiFi setup and significantly increase the odds of
detecting an actual attacker. Even if the switches are at the lowest end
of "smart" and only expose a web interface, it's not too hard to rig up a
screen scraper to list the connected devices on a regular basis and alert
if anything new is seen. I'd expect that there are probably at least a
dozen commercial and/or open source tools that already exist for the
purpose, actually.
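
A sketch of the whitelist check discussed in this message, added here as an example and not code from the thread or from either poster. The table layout, the sample addresses and the names `INVENTORY`, `SCRAPED` and `audit` are assumptions; it also goes one step beyond the message by flagging any port that shows more than one MAC, which is what a bridge or access point plugged into an access port tends to look like.

```python
import re

# Constructed sample: inventory of company-issued devices (any common MAC notation).
INVENTORY = {"00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "00-1A-2B-3C-4D-60"}

# Constructed sample: text scraped from a switch's MAC address table page.
SCRAPED = """\
Port  VLAN  MAC Address
1     10    00:1a:2b:3c:4d:5e
2     10    001A.2B3C.4D5F
3     10    00-1a-2b-3c-4d-60
3     10    a4:2b:b0:11:22:33
3     10    a6-2b-b0-11-22-34
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")

def normalize(mac):
    """Reduce any common notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Yield (port, mac) for each table row that contains a MAC address."""
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if m:
            yield line.split()[0], normalize(m.group())

def audit(text, inventory):
    """Return (unknown, crowded): MACs not in inventory, and ports with >1 MAC."""
    allowed = {normalize(m) for m in inventory}
    by_port = {}
    for port, mac in parse_table(text):
        by_port.setdefault(port, set()).add(mac)
    unknown = sorted((p, m) for p, macs in by_port.items() for m in macs if m not in allowed)
    crowded = sorted(p for p, macs in by_port.items() if len(macs) > 1)
    return unknown, crowded

if __name__ == "__main__":
    unknown, crowded = audit(SCRAPED, INVENTORY)
    for port, mac in unknown:
        print(f"ALERT unknown MAC {mac} on port {port}")
    for port in crowded:
        print(f"ALERT port {port} has multiple MACs (possible bridge or AP)")
```

Normalizing both sides before comparing matters because inventories and switch pages rarely agree on MAC notation, and a mismatch in case or separators would otherwise raise a false alert for every device.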