Mon, Mar 28 2005 21:57
"A wireless internet has been found in range"
A couple of times, clients have come into the office and we've needed to get data off of their laptops. So they've turned them on and we typically these days use usb thumb drives to pull the data off. And each time a 'newer' computer is turned on, one that has wireless automagically enabled, it 'finds' the wireless access point at the office.
Is it an open, unprotected by WAP access? Nope.
Could it be? Yup.
Why? Because I purposely put it in a place that would first and foremost give me a secondary backup to high speed access when taking down the server [Rule of Susan, always ensure you have a connection to the newsgroups or IM]. So it's on the outside of my SBS network hanging off another port in the 4 port dsl modem/switch. It handles it's own DHCP and does not interfere with the DHCP of the SBS since its hanging off of the DSL modem/switch.
It hands out addresses in a range that doesn't match the internal address of the network. I do all this because we don't really need 'true' wireless at the office to the internal network and I'm not yet ready to see if SBS can handle PEAP [I think it can...don't tell Jason or Charlie I need to re-read the chapter on wireless in SBS in the SBS 2003 Admin's book because I can't remember it.
If you run cat 5e/cat 6 wiring in your office, you can pretty much be certain that it's a bit easy to know where it starts and where your 'physical access points' end. The RJ45 connection in the wall. Now at Micrsoft where physical security of a 'campus' means they have tons of wiretaps, so they use IPsec [more on this in the next blog post] to protect those physical taps [remember don't use 802.1x to secure wired connections]
But where's the physical access limitation of a 'wireless' connection. Yup it's as large as you are broadcasting. Remember I've said before to check and make sure how others see you by visiting grc.com and seeing what ports you have hope are the ones you expect to have open?
Don't forget to do the same with your wireless connection. Take a laptop that is enabled for wireless... walk your perimeter. How far do you broadcast?
Filed under: Security