[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <18557.1226074166@turing-police.cc.vt.edu>
Date: Fri, 07 Nov 2008 11:09:26 -0500
From: Valdis.Kletnieks@...edu
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: How are you securing your Wireless
Networks?
On Fri, 07 Nov 2008 09:43:54 GMT, n3td3v said:
> good poll you have doing this, not only do you gain intelligence about
> your readership, but you have a bunch of ip addresses logged with
> their respective answers about their wireless posture. answering such
> a poll could be a security vulnerability in its self but there is no
> security through obscurity though right?
There's nothing I could add to the answers to that poll that a determined
hacker couldn't figure out for themselves by reading the public webpage
we have on "How to hook up to our wireless network", including lists of
which buildings, and even which *areas* in buildings, have wireless coverage
(for instance, in our dorms, there's wireless coverage in the study and lounge
areas, but *not* in the rooms, as each room has 2 wired ports in it. If you
have a room that's adjacent to a lounge and you get enough signal leakage to
use it, go ahead, but it's not supported).
Or they could just wardrive the campus and figure it out for themselves.
In other words, if an attacker is close enough to our campus that they
could take advantage of our answers, they don't *need* our answers. And
if they're not close enough, it doesn't matter.
But it *does* give the SANS crew important info on where to focus their
efforts - if 47% answer "My site is doing stupid thing XYZ, and I can't
convince them otherwise", then they know they need to spend more effort
explaining why XYZ is stupid, in words short enough to be understood by
the management person who needs the clue.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists