Laptops aren't as bad as open wireless access points but they do present problems. The chance that someone could reach the laptop inside your physical corporate environment are small but that all changes when the laptop becomes mobile. Users are going to use them in airports, Starbucks, and other areas where there are AP's. I know there are a number of airports and all Starbucks have AP's in them that you can use for a fee. Most people don't realize that even though you aren't paying for the service, if your laptop is in range, the AP will let anyone associate with it and the laptop gets an IP assigned to it. Your laptop is then vulnerable to exploitation from anyone in the area that is on the same subnet. This probably isn't a problem for most users but if you carry sensitive data on your laptop, there are people that may try to exploit it. Removing the WiFi card is a great idea. Another way to do it is to remove the drivers for the card so it's effectively disabled. Then make sure the machine is locked down so the users can't make changes to the registry or add drivers. Also, don't overlook Bluetooth. It has security issues as well and is coming standard on more and more devices. There are already "bluestumblers" out there and RedFang will attempt to find "non-discoverable" Bluetooth devices. http://www.securiteam.com/tools/5JP0I1FAAE.html ----- Original Message ----- From: "Daggett, Steve" <Steve.Daggett@private> To: "Crime (E-mail)" <crime@private> Sent: Wednesday, August 06, 2003 7:38 PM Subject: CRIME Laptops w/build-in wireless > > My collogues and I been talking about laptops (and PDA's) with embedded > wireless around the office lately. The new laptops we've been getting have > built-in wireless cards, either standard or as an option. > > We were also sniffing around with NetStumble last week. Our building *is* > in range of a foreign open access point. The signal is weak, but we were > able to get online from our building. > > Now, I know that running an open access point is like hanging a hot > Ethernet jack on the outside of the building, and that WEP is almost > useless. But what about wireless laptops? Do they present the same threat? > Physically, these things become bridges if they're plugged into the internal > network while the wireless is hot. > > In the mean time, we've taken the safe route. We're physically removing > the wireless cards from laptops before they get passed out to the users. > We're going to see some pushback from the users as soon as they figure out > what we're doing. > > Steve Daggett > Senior Network Design Engineer > > This e-mail is confidential and may well be legally privileged. If you > have received it in error, you are on notice of its status. Please notify > us immediately by reply e-mail and then delete this message from your > system. Please do not copy it or use it for any purposes, or disclose its > contents to any other person. To do so could violate state and Federal > privacy laws. > Thank you for your cooperation. Please contact me if you need assistance. >
This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 18:41:32 PDT