sondjata's Avatar
Posts: 1,076 | Thanked: 176 times | Joined on Mar 2007
#41
Originally Posted by jaark View Post

Sniffing and spoofing MAC addresses is extremely easy and quick. MAC filtering is a level of protection that will serve you for seconds. You may as well not do it. In fact, you'd be better off monitoring and alerting on unauthorised MACs. That way you have a way of knowing a rogue device is attempting to connect to the network.

Of course the would-be attacker would have to know WHAT MAC addresses to spoof in order to get access. Not that it's that hard to figure out, but still. Also you would need to be on when that other machine isn't or problems will show up. Of course this is the first line of defense, not the last.
 
barry99705's Avatar
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#42
Originally Posted by cynoclast View Post
Petty tyrants are invariably the worst.

It's not your network. It's the company's. Your job is making sure they can use the network to do theirs. If the user is responsible and the personal device will improve their productivity, everyone benefits if you green-light their access. You might even learn something. Possession shouldn't extend beyond personal pride in your work.
Yea, I get that a lot from the users. "It's my computer! I'll give it to you when I'm done!" This coming from an idiot who's spamming the district with virus-ridden emails. It's not their computer, the money used to buy it came out of our department's budget. You're right, it's not technically my/our network, it's the company's, but like technut said, it's my job to protect the network and keep the data safe, and flowing. I'm not going to let one user break it for everyone else. I've also been known to yank personal wifi access points right off the wall. Yea, it's a little over the top, and yea, I did have to answer for it with my boss, but, it got the point across. Word got around, and everyone went looking at the AUP to see if I was in the wrong. Guess what, I wasn't. It clearly states that personal equipment will be confiscated. The last thing we need is another lawsuit because little Jimmy's personal info was snarfed off our network because some ***** thought it would be cool to have his own personal wifi network.

Originally Posted by sondjata View Post
Of course the would-be attacker would have to know WHAT MAC addresses to spoof in order to get access. Not that it's that hard to figure out, but still. Also you would need to be on when that other machine isn't or problems will show up. Of course this is the first line of defense, not the last.
Airmon-ng will show associated MACs. Gives you a nice list of what MAC is associated with what access point MAC. MAC authentication is right next to useless.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.

Last edited by barry99705; 2007-12-13 at 03:02.
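Added example, not part of any poster's message: a sketch of the "monitor and alert on unauthorised MACs" approach suggested above, which also flags an allowed MAC that associates while it is still associated elsewhere (the "problems will show up" case). The log format, AP names, MAC addresses and allowlist are all constructed for illustration and assume the access points log explicit assoc/disassoc events.

```python
from datetime import datetime

# Constructed sample log: "<ISO time> <AP name> <assoc|disassoc> <client MAC>"
SAMPLE_LOG = """\
2007-12-13T08:00:05 ap-lobby assoc 00:11:22:33:44:55
2007-12-13T08:01:10 ap-lab assoc 00:AA:BB:CC:DD:EE
2007-12-13T08:02:30 ap-lab assoc de:ad:be:ef:00:01
2007-12-13T08:05:00 ap-floor2 assoc 00:11:22:33:44:55
2007-12-13T08:06:00 ap-lab disassoc 00:aa:bb:cc:dd:ee
2007-12-13T08:07:00 ap-floor2 assoc 00:aa:bb:cc:dd:ee
"""

# Constructed inventory of authorised client MACs (lower case).
ALLOWED = {"00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"}


def parse(log):
    """Yield (time, ap, event, mac) tuples, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, ap, event, mac = fields
        yield datetime.fromisoformat(ts), ap, event, mac.lower()


def detect(log, allowed):
    """Return alerts for unknown MACs and for allowed MACs seen on two APs at once."""
    active = {}  # mac -> set of APs where it is currently associated
    alerts = []
    for ts, ap, event, mac in parse(log):
        aps = active.setdefault(mac, set())
        if event == "disassoc":
            aps.discard(ap)
            continue
        if mac not in allowed:
            alerts.append(("unauthorised", mac, ap, ts.isoformat()))
        elif aps - {ap}:
            # Same MAC still associated to another AP: a possible clone
            # (or a roam without a logged disassoc), so flag it for review.
            alerts.append(("duplicate", mac, ap, ts.isoformat()))
        aps.add(ap)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, ALLOWED):
        print(alert)
```

The allowlist here drives alerting only; a cloned MAC passes the allowlist check and is caught, if at all, by the concurrent-association rule.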
 

Hedgecore's Avatar
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#43
Barry's stories are more along the lines of what I'm going for... that rogue AP wasn't necessary for someone to do their work and no amount of crocodile tears would convince me that they need to sit on a couch in the break room to be productive.

Exchange mailboxes are limited to the neighbourhood of 300MB where I work... some high profile people demand 3GB and have gotten it. They use their mailbox as a filing system. This puts strains on the mail system every time a backup has to be run, every time it has to replicate, etc. Exchange's DB is CRAP, and sometimes gets corrupted... and guess who has to try to assemble those 3GB mailboxes because someone never bothered to migrate their ill-stored data to SharePoint? The poor IT guy... (which ain't me btw.)
 
Posts: 13 | Thanked: 1 time | Joined on Aug 2007
#44
"No one can serve two masters; for either he will hate the one and love the other, or he will be devoted to one and despise the other. You cannot serve [productivity] and [security]."

After careful evaluation of the arguments presented here I have decided that I can no longer continue the reckless practice of driving on public streets. The current policies allow all kinds of dangerous drivers on the network that can irretrievably brick mission-critical hardware (i.e. me).
 
Posts: 833 | Thanked: 124 times | Joined on Nov 2007 @ Based in the USA
#45
Originally Posted by andyfromtucson View Post
"No one can serve two masters; for either he will hate the one and love the other, or he will be devoted to one and despise the other. You cannot serve [productivity] and [security]."

<snip>
However in the modern workforce many of us are "matrixed" and serve multiple masters. Those of us who can surf these waves of chaos stay on top, those that cannot go under.
Example - we are not allowed Bluetooth in the building for security reasons. When in an enclosed room where the BT cannot transmit to anything other than what is in the room (room is big) the security police still say no. The productivity angels say ok. By rule the security is correct. By reality the productivity people are correct. Many times I've had to explain to one boss why I bent their rules because another boss had something required (usually more appealing to me).
__________________
N810, iGo bt kb, Diablo, 10Gb storage onboard instead of a Thinkpad
OTG w/ unlimited storage!!
Put a penguin in your pocket!!
PLEASE use the Wiki
 

penguinbait's Avatar
Posts: 3,096 | Thanked: 1,525 times | Joined on Jan 2006 @ Michigan, USA
#46
Not sure how I missed this thread for so long, because I have been thinking of starting my own.

The fact is ANYONE can compile some software, put it in a deb, and stick it on the repo. As far as I can see there is nothing in place to prevent spyware, rootkits, and other malicious code. I have a separate boot SD for use at work, it has only packages I compiled myself (on top of Nokia base). I also did some sniffer testing to make sure I did not see any strange packets going to unknown places. I think I am 99.9% sure I am good. I think I am probably the same for my other boot instances I use for home or development, but I am just not going to take any chances....

I have been wondering about the new initiatives at Nokia to embrace the opensource projects. On the packages they certify, is someone going through that code or doing some type of security?

Perhaps some type of certification process/community review with a secure repo would be nice. Not everything would have to be in it, but it would be a start
 
Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#47
Originally Posted by penguinbait View Post
The fact is ANYONE can compile some software, put it in a deb, and stick it on the repo. As far as I can see there is nothing in place to prevent spyware, rootkits, and other malicious code.
Yes, one of the great things about OSS is that you can audit anything you run for malicious code... But YOU have to compile it (to make sure the binaries really do match the source), and audit the source (which almost no-one does), and finally, you really need to audit the entire tool-chain as well. The tool-chain, of course, must be audited to the same depth, or you could get in trouble. Ask Ken Thompson about it.
I have a separate boot SD for use at work, it has only packages I compiled myself (on top of Nokia base). I also did some sniffer testing to make sure I did not see any strange packets going to unknown places. I think I am 99.9% sure I am good. I think I am probably the same for my other boot instances I use for home or development, but I am just not going to take any chances....
Wow... You must really care, or the IT dept. where you work must have some serious enforcers.
I know the limitations I mentioned above, and what to do if I did care, but I just don't care that much.
 

barry99705's Avatar
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#48
Originally Posted by penguinbait View Post
Not sure how I missed this thread for so long, because I have been thinking of starting my own.

The fact is ANYONE can compile some software, put it in a deb, and stick it on the repo. As far as I can see there is nothing in place to prevent spyware, rootkits, and other malicious code. I have a separate boot SD for use at work, it has only packages I compiled myself (on top of Nokia base). I also did some sniffer testing to make sure I did not see any strange packets going to unknown places. I think I am 99.9% sure I am good. I think I am probably the same for my other boot instances I use for home or development, but I am just not going to take any chances....

I have been wondering about the new initiatives at Nokia to embrace the opensource projects. On the packages they certify, is someone going through that code or doing some type of security?

Perhaps some type of certification process/community review with a secure repo would be nice. Not everything would have to be in it, but it would be a start

I know several people who roll their own applications for "security". I've asked them if they went through all the code, line for line. Usually I get a no.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.
 
Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#49
But if you compile everything (and your toolchain is clean), then any "bad stuff" must be out there in the source. Even if you don't check it, you can hope someone else will notice if there's anything in there. And that's actually (a little) better than using pre-compiled binaries, in the case where binaries for your platform are available from some 3rd party. You may trust the project maintainers more than some random dude who's offering you the convenience of pre-built binaries.

But with most projects, that's not the case; if you won't even look through the source, you may as well use any binaries provided by the project itself, because you obviously trust them.

This line of discussion makes me think: Fanoush probably pwns all our N800s, doesn't he? Actually, I'm waiting on boot menu till I get time (boot menu + OS2008 on my N800: ETA next week), so I'm safe.
 

Hedgecore's Avatar
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#50
I don't think anyone would go over every line in the kernel source before updating their kernel, that'd be nuts. I also don't think they'd audit every line of code on their machine.

The business world is different than the real world though, Microsoft sludge is an acceptable risk because it's by far the standard across the board. I don't like it, I'd love a Linux desktop, but I don't get paid to like things.

The biggest disruptions I've seen in the past year were caused by people with a sense of entitlement. Everyone's human and makes mistakes, even if you're a level 80 paladin with a flying mount at night.
 
