Home page logo

basics logo Security Basics mailing list archives

RE: WiFi security implications
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 9 Dec 2003 18:23:59 -0500


He means on some AP's you can adjust the strength of the Beacon, so let say
you can turn it down low enough where it only emits for 50 feet.

There is an option on the connection for your wireless, in XP that says let
Windows Handle This Connection, if you uncheck it you should see the
features for SSID etc...

Imagine that Microsoft thinks that you want your wireless connection set to
AUTO find, sounds like they are really going after that new "security"

Dave Kleiman, CISSP, MCSE, CIFI
dave () isecureu com

"High achievement always takes place in the framework of high expectation."
Jack Kinder


-----Original Message-----
From: Oliver Rebollido [mailto:ORebollido () fenwick com] 
Sent: Tuesday, December 09, 2003 10:54
To: Security Newsletters-TM; security-basics () securityfocus com
Subject: RE: WiFi security implications

Hash: SHA1

When you mentioned "Remove the beacon, or minimize it", what did you mean by
"minimize it"?  The only options I've been able to do with the beacon on a
Cisco 1200AP is either off or on.  When I had the beacon off, some users on
WinXP complained they couldn't get on because WinXP couldn't find the AP.
WinXP didn't give them the options of putting in their own SSID and WEP key.


- -----Original Message-----
From: Security Newsletters-TM [mailto:SecurityNewsletters.tm () telus com]

Sent: Monday, December 08, 2003 10:26 AM
To: security-basics () securityfocus com
Subject: RE: WiFi security implications

It really doesn't matter. 

I've been watching this thread for a while.  Here are my comments to the
original question.

1) IPsec over 802.11 is great, and depending on the IPSec algorythms and key
sizes used, almost completely unbreakable except for private millionairs and
government agencies.

2) Want even more security, lock down the 802.11 AP.  I suspect you're not
using a Cisco one, so in that case make sure you do the following

        i) Enable the highest WEP key possible
        ii) Change the SSID from default to something crazy that anyone
walking by your office with a PDA won't lock onto by accident like
"123fjdksfj2342" .
        iii) Use a different channel than the default.
        iv) Remove the beacon, or minimize it.

        v) lock down or filter the Mac address of your laptop.

3) As an alternative, you may wish to move away from the 802.11B spectrum as
plenty of kiddies have these 70 dollar cards (CDN).

Version: PGP 8.0.3


The information contained in this message may be legally privileged and
confidential.  It is intended to be read only by the individual or entity to
whom it is addressed or by their designee. If the reader of this message is
not the intended recipient, you are on notice that any distribution of this
message, in any form, is strictly prohibited.

If you have received this message in error, please immediately notify the
sender and/or Fenwick & West LLP by telephone at (650) 988-8500

and delete or destroy any copy of this message.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]