Home page logo

basics logo Security Basics mailing list archives

RE: Wireless security question
From: "Justin Acquaro" <JAcquaro () csmcorp com>
Date: Thu, 23 Dec 2004 09:18:25 -0500

        I thought about a similar situation not too long ago, If a user on a corporate Ethernet LAN was to plug in 
while someone outside the building was to setup a rogue AP or HostAP. I remember reading that Windows XP would blindly 
connect to the first wireless network it comes across (don't know if this is true in XP SP2) but then if you can own 
the users computer, in theory couldn't you own the whole network? I believe you can shutdown the Windows XP wireless 
management with Group Policy but what about 3rd party software? The way I see it even if the laptops wireless is not 
bridged to the Ethernet LAN the laptop itself is at risk which in turn puts the network at risk. Is this a legitimate 
concern or am I just making something small out to be something a lot greater.

Justin Acquaro
Creative Socio-Medics
3500 Sunrise Hwy
Great River, New York

|-----Original Message-----
|From: Marty [mailto:groupecci () yahoo ca]
|Sent: Wednesday, December 22, 2004 11:57 AM
|To: Sec Basic
|Subject: Wireless security question
|Hi gang!
|Here is a question for you...
|We have a secure network with no wireless
|connections whatsoever.
|One of our laptop came in with credentials to log
|on to the network through the Ethernet cable BUT
|the person had just added a wireless card to his
|This situation actually came up and the person
|could see external wireless networks (from other
|companies around our building) and access
|Internet through there. Yeah I know they're
|stupid, but it's the real world!
|This seems like a potential threat for taking our
|data out the back door.
|Copy files accessed through our network to
|another network and voilà! No trace at all of the
|We monitor internet access and block non-company
|Email (Yahoo, Hotmail etc.).
|Thanks and Happy Holidays!
|Lèche-vitrine ou lèche-écran ?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]