Re: Discover rogue wireless APs?
- From: The Natural Philosopher <a@xxx>
- Date: Thu, 31 Jan 2008 19:42:40 +0000
Overt wrote:
I haven't had much time to experiment yet, but anybody got an idea for a
way to discover a consumer wireless AP that has been inserted into the
network.
Reason: We had a semi-techie worker in the plant bring his own AP to work
so that he could roam around his area with his laptop. Not a bad idea if
it helps productivity and as long as IT knows about it - which we didn't.
Of course, it had no security set up and was wide open.
Unfortunately his boss and the plant manager can't understand why we are
so upset. They are assuming that we are mad because we have been bypassed
and might not get credit for a good idea. Trying to explain that the
worker has bypassed several thousand dollars worth of firewalls and
security appliances between us and a really nasty world gets nowhere. It
just isn't a big deal to them. At least it wasn't until we disabled the
ethernet port serving his desk.
That incident is fixed, but I am starting to research just how to
autodiscover this the next time it happens. Physical search is out of the
question - the place is far too big. At the far end of the spectrum,
issuing connections based on logged MAC addresses would work, except that
it would be a major administration pain, so that is totally out of the
question. And what happens when some real techie turns his machine into a
PC-based access point? Pink slips would help some, but that is not our
call.
Anybody?
Overt
One thing you COULD do is ban wireless altogether, and use some 2.4GHz jammer to enforce it.
You need, it would seem, a 2.4GHz scanner that would pick up an access point.
It used to be easy to pick up any MAC addresses on a network... not so these days. You COULD try a 'ping all stations' and analyse the returns looking for MAC addresses known to belong to wireless kit. That is of course circumventable by a clever techie.
I suspect that a solution that either puts a Faraday cage round everything, jams all 2.4GHz, or actually knows and will only allow the insertion of valid ethernet cards into the network is all you can do.
I would tend towards the latter: What you need is a corporate RADIUS server and smart switches that can interrogate it, and only allow communications with registered MAC addresses. Or known ones..
That IS hackable around, but that SHOULD be a sackable offence.
It does mean that visitors can't plug into your network and surf the web, but that's no bad thing. It also means every new bit of kit needs to be registered. THAT is no bad thing either, cos if it gets nicked you have its 'serial number'.
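A defender-side sketch of the two ideas in the reply above, "ping all stations and look at the MAC addresses" and "only allow registered MAC addresses", as an added example that is not code from the poster. The ARP cache lines, the wireless OUI watch-list and the registered-MAC inventory are constructed placeholders; a real deployment would feed in the site's own IEEE OUI subset and asset inventory.

```python
import re

# Constructed sample of what "ping all stations, then read the ARP cache"
# returns (Linux `arp -a` style). Not real hosts.
ARP_OUTPUT = """\
gateway (10.0.0.1) at 00:11:22:aa:bb:01 [ether] on eth0
? (10.0.0.23) at 00:11:22:aa:bb:7f [ether] on eth0
? (10.0.0.57) at AA-BB-CC-00-12-34 [ether] on eth0
? (10.0.0.58) at aabb.cc00.5678 [ether] on eth0
? (10.0.0.99) at <incomplete> on eth0
"""

# Placeholder OUI prefixes standing in for "MAC addresses known to belong to
# wireless kit" (assumption: maintained from the IEEE OUI registry).
WIRELESS_OUIS = {"AA:BB:CC"}

# Placeholder inventory of registered MACs (the RADIUS / smart-switch idea).
REGISTERED_MACS = {"00:11:22:AA:BB:01", "00:11:22:AA:BB:7F"}

HEX_RE = re.compile(r"[0-9a-fA-F]")

def normalize_mac(raw):
    """Return 'XX:XX:XX:XX:XX:XX' for colon, dash or Cisco dotted forms; None if malformed."""
    digits = "".join(HEX_RE.findall(raw))
    if len(digits) != 12:
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Yield (ip, mac) pairs from ARP cache lines, skipping <incomplete> entries."""
    for line in text.splitlines():
        m = re.search(r"\((\d+\.\d+\.\d+\.\d+)\) at (\S+)", line)
        if not m:
            continue
        mac = normalize_mac(m.group(2))
        if mac:
            yield m.group(1), mac

def classify(text, wireless_ouis=WIRELESS_OUIS, registered=REGISTERED_MACS):
    """Flag stations whose OUI is on the wireless watch-list and stations
    that are not in the registered inventory."""
    report = {"wireless_oui": [], "unregistered": []}
    for ip, mac in parse_arp(text):
        if mac[:8] in wireless_ouis:          # first three octets = OUI
            report["wireless_oui"].append((ip, mac))
        if mac not in registered:
            report["unregistered"].append((ip, mac))
    return report
```

As the reply notes, a techie can spoof a MAC to dodge the OUI check, so the inventory (unregistered) list is the more useful of the two outputs.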