Combatting Wireless Security Threats


  • Combatting Wireless Security Threats

    ** This thread discusses the article: Combatting Wireless Security Threats **

  • #2
    Re:Combatting Wireless Security Threats

    What about giving 2 different access levels to the WiFi network? I'm used to enabling on the AP / WiFi router a DHCP server with just the "always running"* pre-listed MAC addresses of the legitimate PCs in the house, as this article well pointed out. So each of these MAC addresses gets its IP from a special range to which the firewall later permits full intranet access. Besides that, the DHCP server could have only "3" extra IP addresses in its pool (like vis01, vis02 and vis03). Despite being valid intranet addresses, these IPs (e.g., vis01) will get only full (and logged) internet access (or misguided access to a fake honeypot server to help waste the intruder's time), not touching the intranet services at all.

    As they belong to an AP, they can't directly access the other PCs on the wired/privileged intranet, except by either using specialized peer-to-peer software, or by exploiting a service hosted on the AP's other stations. The first usually requires previous access to the other PCs; the latter can be controlled, bearing in mind that the AP's other stations should be configured not to share any of their resources, working as if they were thin clients.

    The question is: if the intruder gets internet access, will he be happy with it and leave our intranet in peace? Hopefully, in the case of the WiFi network being compromised, the intruder will go only to the internet and we may get some extra time to review our security scheme and take the proper defense measures.

    Other than that, having a DHCP server available may come in handy when replacing or expanding the PCs in the house to be served by the AP, or when a real developer/vendor visiting the house needs internet access, in which case they can just ask for our SSID / WPA PSK to start using it. Not to mention the benefits of always taking the chance of being compromised seriously, keeping our heads up for misuses and abuses of the [exposed] network.

    *) In practice it's not really always on: the firewall (BTW, I'm referring to the OpenBSD PF) will take care of only allowing access during pre-configured work hours plus a 45-minute tolerance, just in case the customer leaves the AP always on.
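
One way the two-tier scheme in post #2 could be written for OpenBSD PF, as an added example that is not the poster's own ruleset. The interface name, subnets, work hours and file paths are assumptions; the time window is handled with a cron-loaded anchor because PF rules have no time-of-day match.

```pf
# Added example, not the poster's ruleset. Interface name, subnets,
# work hours and file paths are assumptions.

# ---- /etc/pf.conf (always loaded) ----
wifi_if = "ral0"                      # assumed: interface the AP hangs off
block in log on $wifi_if              # default: nothing enters from the WiFi side
anchor "wifi_hours" in on $wifi_if    # pass rules exist only during work hours

# ---- /etc/pf.wifi_hours (loaded into the anchor by cron) ----
wifi_if  = "ral0"
intranet = "192.168.1.0/24"           # assumed: wired/privileged network
trusted  = "192.168.2.16/28"          # assumed: range dhcpd gives the pre-listed MACs
visitors = "{ 192.168.2.201, 192.168.2.202, 192.168.2.203 }"   # vis01..vis03

# Known stations: full access, intranet included.
pass in quick on $wifi_if inet from $trusted to any

# Visitor addresses: internet only, every new connection logged.
block in log quick on $wifi_if inet from $visitors to $intranet
pass  in log quick on $wifi_if inet from $visitors to ! $intranet

# ---- root crontab (assumed hours 08:00-18:00, plus the 45-minute tolerance) ----
# 0  8  * * 1-5  pfctl -a wifi_hours -f /etc/pf.wifi_hours
# 45 18 * * 1-5  pfctl -a wifi_hours -F rules && pfctl -k 192.168.2.0/24
```

Flushing the anchor does not end connections that already have state, which is why the closing cron entry also kills states from the WiFi subnet. PF sees only source IP addresses here, so the trusted/visitor split is only as strong as the address assignment behind it.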
