Penetration Testing
mailing list archives
Re: Wireless Pent-Test
From: goat <goat () severus org>
Date: Mon, 6 Oct 2003 16:27:22 -0400
Mike is right, but the concept of protecting your clients extends much further than your corporate WAPs. The Blaster
worm showed that protecting mobile users is critical. Most places block 135 at the border, but worker-bees who had
their laptops connected at home brought the infection to work the next day.
Another example: A "friend of mine" who travels a lot entertains himself in the airport by putting his OpenBSD laptop
into HostAP mode and waiting for people to associate. When they do, his dhcpd provides an IP to them, allowing him to
scan and prod them if he wanted to. Thankfully, this guy has SOME scruples and doesn't poke around with these people,
but he has proven that the attack vector is real. What would happen to an internal corporate network if one of these
laptops were backdoored with a "phone-home" program?
goat
Michael J. Semaniuk wrote:
Hey Cesar,
Implementing WEP is a good start. However, you need to be concerned about
the clients themselves as well. I would consider the use of a personal
firewall and VPN client in addition to WEP. You could use the personal
firewall to drop anything destined for the client, and you could force all
network traffic to come to the home office via an IPSec tunnel. The
encryption associated with IPSec is infinitely better than WEP, and will
protect your data better in the long run. Just a thought...
-Mike
----- Original Message -----
From: "Cesar Diaz" <cesadiz () yahoo com>
To: <pen-test () securityfocus com>
Sent: Saturday, October 04, 2003 9:16 PM
Subject: Wireless Pent-Test