|
Posted by =?Utf-8?B?c3Bpa2U=?= on April 28, 2007, 10:12 am
If you were Registered and logged in, you could reply and use other advanced thread options
Dear all,
Anyone knows if there are any updates to the way WZC works.
This post dated 2005, and i tested some of them but it does stands.
http://www.microsoft.com/technet/community/columns/cableguy/cg1102.mspx
"How Wireless Auto Configuration Works
For the initial scan of available networks, Wireless Auto Configuration
performs the following process:
1.
Wireless Auto Configuration attempts to connect to the preferred networks
that appear in the list of available networks in the preferred networks
preference order, if the preferred networks are configured to automatically
connect (the Connect when this network is within range checkbox is selected
on the Connection tab for the properties of the preferred wireless network).
2.
If there are no successful connections, Wireless Auto Configuration attempts
to connect to the preferred networks that do not appear in the list of
available networks, in the preferred networks preference order. This is done
so that a Windows wireless client can connect to a hidden wireless network,
one that is either not broadcasting its SSID or broadcasting an SSID of NULL.
Configuring hidden wireless networks is used as a security measure to prevent
malicious users from detecting and attempting a connection to a wireless
network. However, the SSID is included in other types of wireless connection
management frames and is easily discoverable by either capturing wireless
management frames or using tools available on the Internet.
3.
If there are no successful connections and there is an ad hoc network in the
list of preferred networks that is available, Wireless Auto Configuration
tries to connect to it.
4.
If there are no successful connections and there is an ad hoc network in the
list of preferred networks that is not available, Wireless Auto Configuration
configures the wireless network adapter to act as the first node in the ad
hoc network.
5.
If there are no successful connections to preferred networks and there are
no ad hoc networks in the list of preferred networks, Wireless Auto
Configuration checks the Automatically connect to non-preferred networks
setting.
6.
If Automatically connect to non-preferred networks is enabled, Wireless Auto
Configuration attempts to connect to the available networks the order in
which the wireless adapter sensed them.
7.
If all connection attempts to non-preferred networks fail or if
Automatically connect to non-preferred networks is disabled, Wireless Auto
Configuration creates a random wireless network name and places the wireless
network adapter in infrastructure mode. After this, the wireless adapter is
not connected to any wireless network but continues to scan for preferred
wireless networks every 60 seconds. This behavior prevents the Windows
wireless client from accidentally connecting to a wireless network that does
not appear in the list of preferred networks. You are then prompted with the
"One or more wireless networks are available" message in the notification
area."
Your help is appreciated
|
|
Posted by =?Utf-8?B?c3Bpa2U=?= on April 28, 2007, 10:20 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi , sorry,
i forget to mention, i tested with the EVil Twin concept. 2 Access points
with the same SSID, one with stronger signal. the user will connect to the
stronger one.
regards
|
|
Posted by S. Pidgorny on April 28, 2007, 9:08 pm
If you were Registered and logged in, you could reply and use other advanced thread options
hidden SSIDs.
But no major changes as far as I know.
Which is okay. I think you cannot create the "evil twin" of a properly
secured 802.1x-enabled wireless network.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Hi , sorry,
>
> i forget to mention, i tested with the EVil Twin concept. 2 Access points
> with the same SSID, one with stronger signal. the user will connect to the
> stronger one.
>
> regards
>
>
|
|
Posted by =?Utf-8?B?c3Bpa2U=?= on April 29, 2007, 12:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
I think you are wrong here. A properly secured 802.1X with authenticator
allow mutual authentication between the client and the authenticator server
which will prevent rogue access point.
most of the 802.1x architecture aloow unsecured connection to the dump AP
which then forward a request to the authentication server. this is done for
the ease of use of the wireless clients, about 90% corporate uses this system.
The attack
Set up an AP with the same SSID as the legitimate AP and provide the users
with the same captive portal that the attacker gets when accessing the
genuine AP. but here even if the users get their logging credential wrong the
CP will still log them in.
moreover one you have a connection to the AP, you can look for other
vulnerable machines on that WLAN and compromise them, most probably install
keyloggers and retrieve their credentials.
regards
"S. Pidgorny <MVP>" wrote:
> Few things are changed in Vista, like the way it connects to networks with
> hidden SSIDs.
> But no major changes as far as I know.
>
> Which is okay. I think you cannot create the "evil twin" of a properly
> secured 802.1x-enabled wireless network.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
|
|
Posted by S. Pidgorny on April 29, 2007, 5:33 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
> I think you are wrong here. A properly secured 802.1X with authenticator
> allow mutual authentication between the client and the authenticator
> server
> which will prevent rogue access point.
Look like I'm right. I said: "you _cannot_ create the "evil twin" of a
properly secured 802.1x-enabled wireless network".
> most of the 802.1x architecture aloow unsecured connection to the dump AP
> which then forward a request to the authentication server. this is done
> for
> the ease of use of the wireless clients, about 90% corporate uses this
> system.
>
> The attack
>
> Set up an AP with the same SSID as the legitimate AP and provide the users
> with the same captive portal that the attacker gets when accessing the
> genuine AP. but here even if the users get their logging credential wrong
> the
> CP will still log them in.
Captive portals aren't used in 802.1x, a layer two protocol.
But whenever they are used, the decision of trust is with the user - same
situation as with Web sites. So opportunities are plentiful. A completely
open AP also poses threats beyound traffic sniffing - see my writeup at
http://sl.mvps.org/docs/RogueAP.htm
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
|
| Similar Threads | Posted | | wireless security | January 3, 2006, 1:20 pm |
| Question about Wireless Security | September 20, 2006, 1:01 pm |
| Wireless connection security | October 7, 2006, 10:05 pm |
| Maximizing wireless security | January 26, 2008, 1:39 pm |
| wireless and router; security issue | August 20, 2006, 6:36 pm |
| Citrix, VPN, Remote Desktop and Wireless security | November 18, 2005, 4:05 pm |
| wireless driver security: don't work as non-admin | August 5, 2008, 1:54 pm |
| Wholesale Wireless Microphone - Chinese Wireless Microphone Manufacturer | April 23, 2008, 8:12 pm |
| Wireless | December 6, 2006, 8:55 pm |
| How can I see if someone is using my wireless connection | September 8, 2005, 10:55 pm |
|
XML site map