wireless access point security

wireless access point security

Hospitals install wireless to improve patient care

Mini-cameras that transmit from inside your body, and drug trolleys that will only dispense tablets to the right patients, are just two of the uses the health service is exploring for wireless technologies. While many of the uses for wireless at the ...

wireless access point security
Find Local Security Information. View Top Results.
www.AreaConnect.com

Cell Service
Find Top Rated Cell Phone Companies Here.
www.WYP.net

Wireless Access Points
Empower mobile workforces by increasing efficiency and productivity. Psion Teklogix Inc. is a leading provider of rugged mobile computing solutions around the world. ISO 9001:2000 registered. Call 1-800-322-3437 or CLICK HERE to find out more.
PsionTeklogix.com

From: Ansgar -59cobalt- Wiechers
Date: Wed, 18 Jun 2008 19:10:42 +0100

On 2008-06-18 Al Rivas wrote:
> He doesn't mention an elapsed time on his original message.  T3
> (45Mbps) through a point to point VPN overnight might be faster than
> what he's currently using.

Maybe, maybe not. We don't know enough about the OP's situation to make
even an educated guess here. Don't forget that the transfer rate is
limited by the slowest connection, i.e. if the remote side doesn't have
a T3 as well or there's a bottleneck somewhere en-route the duration may
be increased significantly. You'd also need connection interrupts into
consideration.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

From: Mike Hale
Date: Mon, 23 Jun 2008 16:27:19 +0100

"It does not mean that hardware reliability becomes a security issue."
You're absolutely right, and I think I simply didn't post that clearly
enough.  :)

"This means that regardless of our security implementations we have to
make the data available to users."
Well, yes and no.  That's where the CIA triad comes in.  A company
needs to decide which of the points to focus on.  It's a trade-off,
and you really can't do all three things perfectly.  Sometimes, the
confidentiality of your data is of paramount importance.  In that
case, you do want to pull the plug if necessary while accepting the
risk of making the data unavailable.

On 6/23/08, Nick Vaernhoej <nick.vaernhoej@capitalcardservices.com> wrote:
> Mike,
>
> Based on my interpretation it seems to me like your interpretation will
> make a customer attempting to access his online banking but fails
> because the ISP has issues a security concern because his data isn't
> available.
>
> I think you say it best "It's about preventing unauthorized access and
> change while maintaining it's useability to authorized users."
>
> This means that regardless of our security implementations we have to
> make the data available to users.
> The availability criteria tries to make sure we do not unplug the server
> in our efforts to avoid an incident.
> It does not mean that hardware reliability becomes a security issue.
>
> Nick Vaernhoej
> "Quidquid latine dictum sit, altum sonatur."
>
>
> -  -----Original Message-----
> -  From: listbounce@securityfocus.com
> -  [mailto:listbounce@securityfocus.com] On Behalf Of Mike Hale
> -  Sent: Friday, June 20, 2008 4:10 PM
> -  To: Mike Hale
> -  Cc: Rivest, Philippe; Murda Mcloud; security-basics@securityfocus.com
> -  Subject: Re: Was Re: RAID 5 drive replacement schedule - Now
> -  "Availability"
> -
> -  Availability is allowing your authorized users to access the data
> when
> -  they need to.
> -
> -  "that in its self is not _always_ a security concern, but it can be."
> -  I disagree with you.  Availability is a fundamental portion of it
> -  because without availability, that data is useless.  If you don't
> have
> -  access to it when you need it, I think your security system has
> -  failed.
> -
> -  You're also correct that if a system crashes, data is no longer
> -  available.  Sometimes, attacks on a network seek to do just that.
> -
> -  As far as the definition of security (especially in terms of data),
> -  papers have been written trying to pin it down.  I think at it's most
> -  basic, however, is CIA.  Confidentiality, Integrity and Availability.
> -
> -  It's about preventing unauthorized access and change while
> maintaining
> -  it's useability to authorized users.
>
> This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message.
> Thank you.
>


-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

From: Shreyas Zare
Date: Mon, 23 Jun 2008 17:53:49 +0100

Hi,

It would be great if you point to some reference for this. Thanks in advance.

Regards

On Mon, Jun 23, 2008 at 10:21 PM, Michael P. Carter
<mcarter@electracash.com> wrote:
> Do your research more deeply.
>
> Michael P. Carter
> Network Manager
> mcarter@electracash.com
> 562-498-6888
>
>
> -----Original Message-----
> From: Shreyas Zare [mailto:shreyas@technitium.com]
> Sent: Monday, June 23, 2008 9:50 AM
> To: Michael P. Carter; security-basics@securityfocus.com
> Subject: Re: Deny access to copy files
>
> Hi,
>
> I dont think software use copy method to do Save As. Once a program
> opens a file and reads data into a buffer its free to write that
> buffer anywhere it has access to. No need to use system copy
> functions.
>
> Regards,
>
> On Mon, Jun 23, 2008 at 9:58 PM, Michael P. Carter
> <mcarter@electracash.com> wrote:
>>
>> Not so - any user denied permission to COPY will inherently be denied
>> permission to Save As (that's a simple copy operation to a new
>> location).
>>
>> Michael P. Carter
>> Network Manager
>> mcarter@electracash.com
>> 562-498-6888
>>
>>
>> -----Original Message-----
>> From: Shreyas Zare [mailto:shreyas@technitium.com]
>> Sent: Friday, June 20, 2008 2:31 AM
>> To: Michael P. Carter
>> Cc: Atif Azim; GSO GSO; James Finnican; Kevin Ortloff; Ahmed Khalid;
>> focus-ms@securityfocus.com; security-basics@lists.securityfocus.com
>> Subject: Re: Deny access to copy files
>>
>> Hi,
>>
>> Even if you have special COPY permission in NTFS, any user with READ
>> access will open the file and just use Save As to save it anywhere, or
>> just write a small code, possible in any programming language, to read
>> file and write a new file. So COPY thing is useless, MS is intelligent
>> enough.
>>
>> Regards,
>>
>> On Fri, Jun 20, 2008 at 12:39 AM, Michael P. Carter
>> <mcarter@electracash.com> wrote:
>> >
>> > Also, the NTFS permission READ will allow anyone with that
> permission
>> to
>> > also copy (the EXECUTE part allows them to launch the appropriate
>> > program to open the file), so the Windows permissions don't meet
> your
>> > security needs (it's something that we've been harassing Microsoft
>> about
>> > for more than a decade - separate permissions for READ and COPY)).
>> >
>> > Michael P. Carter
>> > Network Manager
>> > mcarter@electracash.com
>> > 562-498-6888
>> >
>> > -----Original Message-----
>> > From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com]
>> > On Behalf Of Atif Azim
>> > Sent: Wednesday, June 18, 2008 11:44 PM
>> > To: GSO GSO
>> > Cc: James Finnican; Kevin Ortloff; Ahmed Khalid;
>> > focus-ms@securityfocus.com; security-basics@lists.securityfocus.com
>> > Subject: Re: Deny access to copy files
>> >
>> > Indeed a technical control is not the only thing you should be
> looking
>> > forward to in such a scenario.First, you need to set your policies
>> > straight and results for non-compliance leading to consequences for
>> > leaking intellectual property. When looking forward to technical
>> > controls, checkout McAfee Data loss Prevention (DLP).It addresses
>> > issues related to source code leakage as well. Go to
>> >
>> >
>>
> http://www.mcafee.com/us/enterprise/products/data_loss_prevention/data_l
>> > oss_prevention.html
>> >
>> > and also see the flash demo at
>> >
>> >
>>
> http://www.mcafee.com/us/local_content/demos/dlp_technical_demo/dlp_flas
>> > h_demo.html
>> >
>> > Regards,
>> > Atif Azim
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Wed, Jun 18, 2008 at 1:16 AM, GSO GSO <gso.gsecur@gmail.com>
> wrote:
>> > > DeviceLock is a great program.  Besides the very granular
> permission
>> > > levels, I have also like the fact I can create temporary access
>> codes.
>> > >  So if an individual needs access to a USB device for an hour or
>> even
>> > > a month, I can give it to them.
>> > >
>> > > B
>> > >
>> > > http://GovernmentSecurity.org
>> > >
>> > > On Tue, Jun 17, 2008 at 2:43 PM, James Finnican
> <jfinnica@bebe.com>
>> > wrote:
>> > >> DeviceLock and, disable access to the internet with exception to
>> > accepted resources, Wiki's subscribed sites. You can do this from IE
>> > directly or, configure it at the firewall if it allows.
>> > >>
>> > >> -----Original Message-----
>> > >> From: listbounce@securityfocus.com
>> > [mailto:listbounce@securityfocus.com] On Behalf Of Kevin Ortloff
>> > >> Sent: Friday, June 13, 2008 9:31 AM
>> > >> To: Ahmed Khalid; focus-ms@securityfocus.com
>> > >> Cc: security-basics@lists.securityfocus.com
>> > >> Subject: RE: Deny access to copy files
>> > >>
>> > >> If you don't mind spending a 2-3 thousand, there is a good
> product
>> > called ' DeviceLock '. This is a global policy enforcer that will
>> > restrict activates on USB, External Storage, etc, etc.. You can be
>> very
>> > specific too like only a certain kind of thumb drive can be used by
> a
>> > particular individual ( this allows you to control who has the
> ability
>> > to even use an approved drive ). Or, maybe you only want read, but
> no
>> > write. You can do that too.
>> > >>
>> > >> Anyway, hope that helps. I'm sure there are other apps that can
> do
>> > this. I liked DeviceLock when I did my evals.
>> > >>
>> > >>
>> > >>
>> > >> -----Original Message-----
>> > >> From: listbounce@securityfocus.com
>> > [mailto:listbounce@securityfocus.com] On Behalf Of Ahmed Khalid
>> > >> Sent: Sunday, June 01, 2008 11:20 AM
>> > >> To: focus-ms@securityfocus.com
>> > >> Cc: security-basics@lists.securityfocus.com
>> > >> Subject: Deny access to copy files
>> > >>
>> > >> I am working for a software house, they are developing a software
>> > product and their requirement is to restrict programmers to take the
>> > code out of office premises due to company policy. I am trying to
>> > configure a windows based machine which denies access to copy files
> to
>> > external storage devices connected to USB. There is an NTFS
> permission
>> > "Read + Execute" I guess this could do the work but is there any
> other
>> > way to do it?
>> > >>
>> > >> They also don't need programmers to take the code with them in
>> their
>> > email.
>> > >> I can restrict SMTP and POP ports but when it comes to web based
>> > emails I am clueless,  How can I restrict web based emails like
>> hotmail,
>> > gmail, yahoo there are so many of these and if I somehow manage to
>> block
>> > all web based email sites someone can write a script to send emails,
>> if
>> > not a script HTTP tunneling would bypass any checks and bounds
> defined
>> > by my proxy/gateway machine. How can I block such thing?
>> > >>
>> > >> Any help would be highly appreciated.
>> > >>
>> > >> Regards,
>> > >> Ahmed Khalid
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> This email, its contents and attachments contain information from
>> j2
>> > Global Communications, Inc. and/or its affiliates which may be
>> > privileged, confidential or otherwise protected from disclosure. The
>> > information is intended to be for the addressee(s) only.  If you are
>> not
>> > an addressee, any disclosure, copy, distribution, or use of the
>> contents
>> > of this message is prohibited.  If you have received this email in
>> error
>> > please notify the sender by reply e-mail and delete the original
>> message
>> > and any copies. j2 Global Communications. 6922 Hollywood Blvd.,
>> > Hollywood, CA 90028.
>> > >>
>> > >
>> > >
>> > >
>> > > --
>> > > Security/Hacking Paper Contest Win $100
>> > > http://GovernmentSecurity.org
>> > >
>>
>>
>>
>> --
>> ("There are only 10 kinds of people in this world: those who know
>> binary and those who don't.")
>>
>> Shreyas Zare
>> Co-Founder, Technitium
>> eMail: shreyas@technitium.com
>>
>> ..::< The Technitium Team >::..
>> Visit us at www.technitium.com
>> Contact us at theteam@technitium.com
>>
>> Technitium Personal Computers
>> We believe in quality.
>> Visit http://pc.technitium.com for details.
>
>
>
> --
> ("There are only 10 kinds of people in this world: those who know
> binary and those who don't.")
>
> Shreyas Zare
> Co-Founder, Technitium
> eMail: shreyas@technitium.com
>
> ..::< The Technitium Team >::..
> Visit us at www.technitium.com
> Contact us at theteam@technitium.com
>
> Technitium Personal Computers
> We believe in quality.
> Visit http://pc.technitium.com for details.
>



-- 
("There are only 10 kinds of people in this world: those who know
binary and those who don't.")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@technitium.com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@technitium.com

Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.

From: Nick Vaernhoej
Date: Mon, 23 Jun 2008 17:49:04 +0100

Gentlemen,

I can feel good about leaving this discussion agreeing with this ;)

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."


-  -----Original Message-----
-  On Behalf Of Adriel Desautels
-  Sent: Monday, June 23, 2008 11:36 AM
-  Subject: Re: Was Re: RAID 5 drive replacement schedule - Now
-  "Availability"
-  
-  Mike,
-  	I do agree that coffee is a critical aspect of security and
-  without it
-  all other aspects of security fail. Therefore, the coffee machine is
-  clearly the most business critical system with respect to its
-  availability. An outage there could be catastrophic.

This electronic transmission is intended for the addressee (s) named above.=
 It contains information that is privileged, confidential, or otherwise prot=
ected from use and disclosure. If you are not the intended recipient you are=
 hereby notified that any review, disclosure, copy, or dissemination of this=
 transmission or the taking of any action in reliance on its contents, or ot=
her use is strictly prohibited. If you have received this transmission in er=
ror, please notify the sender that this message was received in error and th=
en delete this message.=0A=
Thank you.

From: Gleb Paharenko
Date: Mon, 23 Jun 2008 16:36:09 +0100

Hi.

Samba over internet is not good. Consider chrooted sftp instead.
For intranet samba can be quite fine. Though perhaps it is more easy
to implement chrooted ftp.

2008/6/23 razi garbie <r.garbie@gmail.com>:
>
> Hi list,
>
> Im currently using qmail with ~10users, unforunatley not virtual.
> Can anyone shed some light on how to solve autoreply?
>
> The mailboxes and the users "real" home directories are hosted on
> separet boxes, so when i user attempts to ssh to any linuxbox wihtin
> the domain they're locked into their "real" home directory and thus
> cant drop a autoreply in their home that stores emails. (Hope i didnt
> confuse things to much)
>
> I've thought of setting up a samba giving them access, but is that a
> good idea? (I want to avoid giving them shell in the box storing
> emails.)
>
>
> Thanks in advance,
> --
> R. Garbie
>



-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

Advanced security: 128-bit WPA encryption, MAC filtering, and free With one Wireless-G in the garage and another one in the house, 3 Point vs. Ad-Hoc Network. 4 Limitations. 5 Security. 6 See also. 7 References has special considerations. Enables ISPs to join a global network and provide worldwide roaming to their traveling Internet customers . (i.e., "Open") wireless access points at home and in Leo Laporte: This is Security Now! Episode 10 for October 20, 2005: Open Points. In campus environments, many network users will add a wireless point to their large campus networks exposed to security breaches from remote intruders. Wireless Visibility and Control White Paper. Advanced Security Wireless. Points, Management & Switches.

RoamAbout. Products A-Z. Request a Demo Find The HP ProCurve Access Point 420 Access on MSN Shopping. Research product information, compare prices, user reviews, product ratings and Wireless security is the prevention of unauthorized access points installed do not feel that they need to address wireless security concerns. Shop for Linksys / WAP200 / 54Mbps / 802.11g / Access Point with PoE for $124.99 at TigerDirect.com. Linksys WAP200 Point with . .