focus-ids: IDS mailing list archives

Re: Scan for "outsider" Pcs on network
From: <auto62996 () hushmail com>
Date: Mon, 20 Mar 2006 09:55:59 +0000

On Fri, 17 Mar 2006 Eagle Fire <tlecuauhtli () googlemail com> wrote:
Yes, but the hub must be deployed by someone who has a username and
password to connect to your network.

Why? What do I need a username and password for?

It is like you won't use keylocks in the door just because someone can
lend the key to someone not authorized.

Terrible analogy (but aren't they always?). Let's try again. I'm a
cleaner in an office. Rather than the $10 hub I splash out and buy a
$30 wireless hub and router. One evening, I unplug a network printer
and attach my router to the network and the printer to the router.
Stick it under a table or behind a filing cabinet and in most offices
no one will have a clue that it is there. The whole street now has
access to your network and 802.1x won't help you one bit.
How does that fit your analogy?

So for me, wireless and wired is the same.

But not for me and, I suspect, most other security analysts which is
why this thread is interesting and I haven't just given up. I really
would like to know what other people are doing to address the issue.
There are a few products, such as Cisco's NAC or Sygate's Enterprise
Protection, but how well do they address the problem and how much
better than straight 802.1x are they? Is there something better and
cheaper?


[...]

On 15/03/06, auto62996 () hushmail com <auto62996 () hushmail com> wrote:
802.1X works quite well in a wireless environment where there is
continual authentication of the client but it can be subverted on a
wired LAN simply by using a $10 hub. Attaching a legitimate device
to the hub will keep the switch port open and allow anything else
you connect to the hub to access the LAN.

-----Original Message-----
From: Eagle Fire [mailto:tlecuauhtli () googlemail com]
Sent: 13 March 2006 10:06
To: focus-ids () securityfocus com
Subject: Re: Scan for "outsider" Pcs on network


 Could 802.1X be an alternative? Probably hard to deploy, switches and
wireless AP with the feature and some OS challenges but it may be a
solution.

 -tlecu
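
Added example, not part of the original thread or any poster's code: one way to look for the two situations described above (a hub sharing an 802.1X-opened port, and a router swapped in for a printer) is to audit the switch's learned MAC addresses per access port against an inventory. The table layout, port names, MAC addresses, inventory and uplink list below are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, loosely shaped like a switch MAC address table dump.
# Columns: VLAN, MAC, type, port. All values are invented for illustration.
SAMPLE_TABLE = """\
10  0011.2233.4401  dynamic  Gi0/1
10  0011.2233.4402  dynamic  Gi0/2
10  0011.2233.4403  dynamic  Gi0/3
10  00aa.bbcc.dd01  dynamic  Gi0/3
10  00aa.bbcc.dd02  dynamic  Gi0/4
10  0011.2233.44ff  dynamic  Gi0/24
10  0011.2233.44fe  dynamic  Gi0/24
"""

# Hypothetical inventory: the one MAC expected on each access port.
EXPECTED = {
    "Gi0/1": "0011.2233.4401",
    "Gi0/2": "0011.2233.4402",
    "Gi0/3": "0011.2233.4403",   # workstation; a hub now shares this port
    "Gi0/4": "0011.2233.4404",   # printer; a different device now answers here
}
UPLINKS = {"Gi0/24"}  # uplink ports legitimately carry many MACs

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def audit(table, expected, uplinks=frozenset()):
    """Return {port: [findings]} for access ports that deviate from inventory."""
    seen = defaultdict(set)
    for line in table.splitlines():
        m = ROW.match(line)
        if m and m.group(4) not in uplinks:
            seen[m.group(4)].add(m.group(2).lower())
    findings = defaultdict(list)
    for port, macs in sorted(seen.items()):
        known = expected.get(port)
        if len(macs) > 1:
            findings[port].append("multiple MACs on one access port (hub or bridge?)")
        for mac in sorted(macs - {known}):
            findings[port].append(f"unexpected MAC {mac}")
        if known and known not in macs:
            findings[port].append(f"expected MAC {known} missing (device swapped?)")
    return dict(findings)

if __name__ == "__main__":
    for port, notes in audit(SAMPLE_TABLE, EXPECTED, UPLINKS).items():
        print(port, "->", "; ".join(notes))
```
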




