[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Detection of Rogue Access Points

Subject: Detection of Rogue Access Points
From: sean at seanharlow.info (Sean Harlow)
Date: Mon, 15 Oct 2012 21:17:11 -0400
In-reply-to: <CAK__KzsFLwNyHk2gS+V8d6o8pmNzYbRGV23b2bHgGnfn0v+sRA@mail.gmail.com>
References: <CAC47Z9mEDndWoNUsXjUNgawifNtv4RXztLZgLZ2SLc4JTe0AGA@mail.gmail.com> <1350267060.2856.133.camel@karl> <[email protected]> <CAC47Z9mdNQeoxz=4xH0hxJkMu+S2qjfgMusFe9GZf4z9o8ex5w@mail.gmail.com> <[email protected]> <CAO0-hXYZGbsz8GxL6BgPWT52n7-n=6RLk6_UEg47xH6+XaWu8w@mail.gmail.com> <CAKrtbvkduWjhf9VJ8mHsiB-gKpjJR6qWMZ1_yJ+0LBSw=LtJEQ@mail.gmail.com> <CAK__KzsFLwNyHk2gS+V8d6o8pmNzYbRGV23b2bHgGnfn0v+sRA@mail.gmail.com>

On Mon, Oct 15, 2012 at 8:44 PM, George Herbert <george.herbert at gmail.com>wrote:

> This solution - the "don't care" solution - almost fails the
> negligence test for certain security regimes including PCI (credit
> cards) and possibly SOX for retail data locations (and HIPPA for
> hospitals / medical locations, etc).
>

Of course, and this is where the situational judgement comes in to play.
 The low-security environments I was envisioning are those more like my own
office, where the only on-site server is basically a homebrew NAS storing
music/movies for slow days.  We've jumped head first in to the Google Apps
system so all files, mail, etc. are there.  Payments and any other
customer-facing services are on servers hosted in a proper datacenter,
never coming close to the office LAN, so our actual risk is basically the
same as that of a home user.  The boss using his laptop on public WiFi
worries me a lot more than someone gaining access to our network.

If you take payments on-premise and transmit them over the network, it's
obviously another story entirely.

References:
- Detection of Rogue Access Points
  - From: quantumfoam at gmail.com (Jonathan Rogers)
- Detection of Rogue Access Points
  - From: kauer at biplane.com.au (Karl Auer)
- Detection of Rogue Access Points
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Detection of Rogue Access Points
  - From: quantumfoam at gmail.com (Jonathan Rogers)
- Detection of Rogue Access Points
  - From: r.engehausen at gmail.com (Roy)
- Detection of Rogue Access Points
  - From: joe at nethead.com (Joe Hamelin)
- Detection of Rogue Access Points
  - From: sean at seanharlow.info (Sean Harlow)
- Detection of Rogue Access Points
  - From: george.herbert at gmail.com (George Herbert)

Prev by Date: If you are using APNIC as an RPKI trust anchor, please update your Trust Anchor Set.
Next by Date: Internet-wide port scans
Previous by thread: Detection of Rogue Access Points
Next by thread: Detection of Rogue Access Points
Index(es):
- Date
- Thread