mailing list archives
RE: Wireless security question
From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Thu, 23 Dec 2004 09:18:25 -0500
I thought about a similar situation not too long ago, If a user on a corporate Ethernet LAN was to plug in
while someone outside the building was to setup a rogue AP or HostAP. I remember reading that Windows XP would blindly
connect to the first wireless network it comes across (don't know if this is true in XP SP2) but then if you can own
the users computer, in theory couldn't you own the whole network? I believe you can shutdown the Windows XP wireless
management with Group Policy but what about 3rd party software? The way I see it even if the laptops wireless is not
bridged to the Ethernet LAN the laptop itself is at risk which in turn puts the network at risk. Is this a legitimate
concern or am I just making something small out to be something a lot greater.
3500 Sunrise Hwy
Great River, New York
|From: Marty [mailto:groupecci () yahoo ca]
|Sent: Wednesday, December 22, 2004 11:57 AM
|To: Sec Basic
|Subject: Wireless security question
|Here is a question for you...
|We have a secure network with no wireless
|One of our laptop came in with credentials to log
|on to the network through the Ethernet cable BUT
|the person had just added a wireless card to his
|This situation actually came up and the person
|could see external wireless networks (from other
|companies around our building) and access
|Internet through there. Yeah I know they're
|stupid, but it's the real world!
|This seems like a potential threat for taking our
|data out the back door.
|Copy files accessed through our network to
|another network and voilà! No trace at all of the
|We monitor internet access and block non-company
|Email (Yahoo, Hotmail etc.).
|Thanks and Happy Holidays!
|Lèche-vitrine ou lèche-écran ?
- Re: Wireless security question, (continued)