Identifying a wireless LAN user in the network

ssandri · ‎02-26-2003

Is there a possibility to identify a WLAN user on the wired network?

How can I make sure, that nobody places a rogue AP in the network and get access to the wired network or a employee puts in a WLAN card and allows a

non-employee to access to the network from outside?

Is there a mechanism to identify such a constellation like all the adaptors have

a special MAC Address or something like that?

Many thanks!

ndoshi · ‎03-02-2003

Hi ,

a) There is no good method for this . There are different tools to identify rogue AP but all are site survey tool , you physically go to all places and detect the

signal for rogue AP .

b) You can turn on MAC address authenitcation saying that only certain mac are are allowed to associate with AP , that way you can control wlan client adapter .But mac address goes in clear text so it can be spoofed .

c) Cisco AP12.01 has new feature to detect rogue AP but it s light duty tool and works under certain condition

http://www.cisco.com/en/US/products/hw/wireless/ps458/products_configuration_guide_chapter09186a00801049a8.html#1036595

d) Best is to have strict corporate policy for rogue AP

e) If you are connecting over switch on switch you can run EAP and protect ethernet switch port and authenitcate ethernet switch ports

Nilesh

ssandri · ‎03-03-2003

Thanks Nilesh

And what about a client which is in Peer-to-Peer mode? A Hacker may come through that client which is also connected to the wired LAN.

think there is no possibility at all?

Regards

Stefan