Questions

How to stop unauthorized users?

+
1 Votes
Locked

How to stop unauthorized users?

adminsalman
I have one wireless connection here in the camp but its only for managers.i have put cisco aironet 1300 AP to provide wireless connection and as this Ap doesn't provide the dhcp service so i have put dhcp server to assign ip add.i have put password for the connection for the security but somehow some unauthorized users are getting the password and connecting.i can see them on the router and dhcp server but cannot block them.kindly suggest me what to do.
Thanx
  • +
    1 Votes
    SmartAceW0LF

    What form of encryption are you using on the AP? Also, is there any way for any of these individuals to gain physical access to the AP?

    +
    1 Votes
    adminsalman

    m using wep encryption on the AP.no its not possible for any users to get access physically.what i think is that they are gettng password from any authorized user.what m interested in is that can i block them through mac address???

    +
    1 Votes
    markp24

    Hi,

    This may help, Change your level of encryption to at least 2pa if not WPA-2.(WEP is crackable in under 6 min some sites say 2 min on the web) Add Mac Filtering so only the devices you specify can connect (yes mac addresses can be spoofed, but its just one more layer of protection) . I would also change the SSID and turn off SSID broadcasting.

    See if that resolved the issue.

    +
    1 Votes
    robo_dev

    and the campers are not allowed to bring their own software, then mac filtering should help.

    While apps like Kismet or AirSnort will reveal connected mac addresses, thus making this security measure very weak, if the user does not have the software, then you're OK.

    While some vendor's WEP implementations are very easy to crack, Cisco's is not. While you should use WPA/2 if possible, I would seriously doubt that any normal campers would be able to intercept and crack the WEP keys on your Aironet device. I have tried this on several Cisco devices.....sent five gigabytes of data over the WLAN, got ZERO IV collisions....none. No interesting packets means you cannot crack WEP.

    Since you can have up to 16 SSIDs in the Cisco AP, you should give each manager their own network ssid, then you can quickly find out who is the mole. :)

  • +
    1 Votes
    SmartAceW0LF

    What form of encryption are you using on the AP? Also, is there any way for any of these individuals to gain physical access to the AP?

    +
    1 Votes
    adminsalman

    m using wep encryption on the AP.no its not possible for any users to get access physically.what i think is that they are gettng password from any authorized user.what m interested in is that can i block them through mac address???

    +
    1 Votes
    markp24

    Hi,

    This may help, Change your level of encryption to at least 2pa if not WPA-2.(WEP is crackable in under 6 min some sites say 2 min on the web) Add Mac Filtering so only the devices you specify can connect (yes mac addresses can be spoofed, but its just one more layer of protection) . I would also change the SSID and turn off SSID broadcasting.

    See if that resolved the issue.

    +
    1 Votes
    robo_dev

    and the campers are not allowed to bring their own software, then mac filtering should help.

    While apps like Kismet or AirSnort will reveal connected mac addresses, thus making this security measure very weak, if the user does not have the software, then you're OK.

    While some vendor's WEP implementations are very easy to crack, Cisco's is not. While you should use WPA/2 if possible, I would seriously doubt that any normal campers would be able to intercept and crack the WEP keys on your Aironet device. I have tried this on several Cisco devices.....sent five gigabytes of data over the WLAN, got ZERO IV collisions....none. No interesting packets means you cannot crack WEP.

    Since you can have up to 16 SSIDs in the Cisco AP, you should give each manager their own network ssid, then you can quickly find out who is the mole. :)