Ad Hoc in the corporate environment

0 pts.
Tags:
Firewalls
Forensics
Incident response
Intrusion management
Mobile security
Network protocols
Network security
VPN
Wireless
I am the LAN/WAN/WLAN administrator for a division of a very large corporation. I just received a Dell Latitude D-600, which has a built-in Intel Pro Wireless 2200BG. We have quite a few D-600's and D-610's. Looking through the wireless security alerts on my switch, I noticed that there were a lot of man in the middle alerts. Looking further, some of the error were coming from my laptop and the laptop in the next cubicle. While troubleshooting my Intel driver, i see that Intel, by default, enables an Ad Hoc capacity in the card. Contacting Intel's tech support confirmed that, and I was told that there is no way to turn it off. OK, now the question. Does anyone else worry about the lack of security the causes? I also have users that leave the wireless card enabled while plugged into the corporate wired LAN with these Ad Hoc networks beconing, compounding the problem. Has anyone else dealt with this? And lastly, how do you get management to realize how big a hole this is in the WLAN network. So far, all I've gotten was an "Oh well". My thought is to cancel any and all orders of these risky computer on my networks, make Dell aware of Intel's lack of concern and find a new vendor.
ASKED: March 8, 2006  11:48 AM
UPDATED: March 16, 2006  12:07 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

I’ve been fortunate enough to have dodged the bullet of putting a Dell Latitude 610 on our network recently. However, with the problem you are seeing with the 610, it makes me curious about the Dell Insipiron 9300 that we just added the other day. However, with that laptop, we removed the wireless card entirely and disabled it in BIOS since the user will always use a wired connection to the LAN.

You might be able to do the same thing with the Latitude, although I haven’t fooled around with them too much to know if the card can be removed. If you need to connect to the WLAN, you may have to disable the built in wireless card and purchase a separate PCMCIA card.

SF

Discuss This Question: 8  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Larrythethird
    That would be the wise thing to do, except for the costs involved. "We have already paid for the built in card" is what I would hear if I asked to take all the executives laptops back for a day and get the hardware guys to swap out the already working (as far as the executives know) wireless adaptor and buy new adaptors to replace them. The only logical resolution to this issue would be for Intel to fix the driver. I would look at the driver of any Intel wireless adapter's hardware properties under the Advanced tab. If Ad Hoc is ther, it is there and there is no way to disable it.
    0 pointsBadges:
    report
  • Donnewbee
    I?m working in a small shop originally hired as a developer but now wear many hats. Our shop just switched out our old Dell towers with new Latitude D810 that have internal Dell Wireless 1370 cards. I?d like to learn a more from everyone. What are ?a lot of man in the middle alerts? and how does one look at these? How do I determine if the Dell Wireless 1370 card enables an Ad Hoc capacity? Do I need to worry about a lack of security these cards may pose as well?
    0 pointsBadges:
    report
  • Sonyfreek
    The execs might listen if you can provide some hard evidence as to what is at risk. For example, if you can establish an ad-hoc connection with the laptop and capture something personal and important to the executive (SSN, Credit Card number, phone numbers, his/her personal agenda or schedule, etc), I'll bet they'll be willing to pay the extra money for the protection. You'll also want some backup information on the procurement to assure them that there was no way of determining that the wireless cards in the laptops would act this way. Notify them of the proximity the attacker must be in order to establish and ad-hoc network with their laptop and run through a couple of scenarios (being hacked on an airplane, at home, the office, etc). Heck, you could invite all of them to a meeting and ask them to bring their laptops. Have them turn them on and show all of their wireless networks on the big screen. Their eyes, ears, and pocketbooks would open up so fast, you'd feel the breeze. SF
    0 pointsBadges:
    report
  • Poppaman
    I agree with what sonyfreek says - if you can show the people who control the funds just how vulnerable they are, you'll get action fast... ***HOWEVER*** 1. Make sure that your boss and your boss' boss know what you will be doing BEFORE you call the meeting, as what you propose (hacking into the exectutives "personal" information) may be seen as grounds for termination, if not prosecution. If the people two steps up the ladder know what you are doing, then you are protected... 2. You mention that you are a division of a large corporation: how do other division's LAN/WAN admin's address this issue? Is there a Corporate policy? Is anyone from Corporate security even aware of the issue? You may be trying to re-invent the wheel here.... 3. As far as worrying about security - allowing the Ad-Hoc networking capability to remain without some sort of adequate control is like leaving corporate trade secrets behind in a manilla folder in an airport lobby marked "STEAL ME". Have you thought about applying a personal firewall and restricting/controlling access on the wireless interface? Do you use VLAN and/or a token to control access, wired ir wireless? I would support cancelling the Dell orders if you cannot figure aout some way to restrict or control the wireless access, but remember, you will have to plan on supporting the newer platform and your existing Dells through their usefull lifespan; how much will that add to your support costs (two sets of spare parts with only partial overlap; two sets of support procedures; two sets of system images, etc...)
    0 pointsBadges:
    report
  • Larrythethird
    I really appreciate all of your comments. It makes me feel better that I am not alone in my concerns over this issue. I just do the networks. I have zero input over PC's, laptop or software. I brought this up to my boss and the other MIS manager, the person in charge of the servers, PCs and laptops, and all they said was "Oh well". My boss at least said we've done all we can do by making others aware of the issue. Neither would escalate it to the VP. In the corporate world, it's all about costs, and we get these Dell laptops dirt cheap. I am really not a good enough hacker to break into an open laptop, so that would take a little learning to accomplish that. Any guidence to a quick hack of this type of vunerability would be appreciated . Just enough to touch the system should be good enough. I cannot believe that Intel (and Dell for including this card) would supply an un-secure product in a laptop designed for a corporate environment, and then show no interest in plugging a hole when it is found. Their support group was almost rude when I asked how to disable Ad Hoc capabilites on this card.
    0 pointsBadges:
    report
  • Sonyfreek
    Your typical war driving kit would consist of the following tools: 1) Airsnort - http://airsnort.shmoo.com/ - Captures wireless packets 2) NetStumbler - http://www.stumbler.net/ - Windows 802.11a, 802.11b, and 802.11g WLAN detector 3) Wepcrack - http://sourceforge.net/projects/wepcrack/ - Cracks 802.11 WEP encryption keys 4) WPA Cracker - http://www.tinypeap.com/html/wpa_cracker.html - Dictionary/brute force attacker against WPA encryption Others are listed at: http://www.wardrive.net/wardriving/tools However, since you can establish an ad-hoc connection to the workstation, you don't need to do any of these steps. All you would need is a remote exploit on the system in question or to use the already established remote connectivity (if you have the software in place). Depending on if these systems are taken out of the office frequently, they might not be patched up to the level of your workstations. In that case, you'd need a remote exploit on one of the recently released patches. As far as using remote connecitivity, if you have remote desktop or VNC enabled for the clients for easing management, simply log on to the machine using the RDP or the VNC client. You should already know the local administrator passwords on the laptops, so you log on with that account. You'd have to explain to the execs that the hacker would need to figure out the local admin password to use the existing remote management tool or would need to try a remote exploit. However, you should focus on the risk and proof of concept and less on the chances that the hacker and system will have these available at the opportune moment. Hope this points you in the right direction. For more on cracking wireless networks, you could check out a book like "Hacking Exposed - Wireless" at http://www.amazon.com/gp/product/0072262583/sr=8-1/qid=1142169056/ref=pd_bbs_1/104-7182212-8272721?%5Fencoding=UTF8 or "Hacking Wireless Networks For Dummies" http://www.amazon.com/gp/product/0764597302/sr=8-2/qid=1142169056/ref=sr_1_2/104-7182212-8272721?%5Fencoding=UTF8. Don't take the "For Dummies" titles as an insult, please. Hope this helps, SF
    0 pointsBadges:
    report
  • Sonyfreek
    Larry, The latest update to the Intel 2200BG wireless adapter (Version 9.0.3) fot the Inspiron has a setting in it that allows you to disable the Ad hoc connections. You may want to see if this driver works with your card as it's the same card. I just installed it on our Inspirons the other day and found the setting. Hope that helps, SF
    0 pointsBadges:
    report
  • Larrythethird
    The latest driver is 9.0.3.9. It is dated 9/12/2005 after it is installed, although the file on the Intel site claims it's from 1/19/2006. At first glance, it looks like they took the same driver from last year and took away the Advanced tab. The Ad Hoc network is still there. I can see them with my Aruba wireless switch creating Man in the Middle alerts when two laptops try to attach to each other. Intel just doesn't want you to know that the Ad Hoc networking is still active.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following