Detection of Rogue Access Points
sean at seanharlow.info
Tue Oct 16 01:17:11 UTC 2012
On Mon, Oct 15, 2012 at 8:44 PM, George Herbert <george.herbert at gmail.com>wrote:
> This solution - the "don't care" solution - almost fails the
> negligence test for certain security regimes including PCI (credit
> cards) and possibly SOX for retail data locations (and HIPPA for
> hospitals / medical locations, etc).
Of course, and this is where the situational judgement comes in to play.
The low-security environments I was envisioning are those more like my own
office, where the only on-site server is basically a homebrew NAS storing
music/movies for slow days. We've jumped head first in to the Google Apps
system so all files, mail, etc. are there. Payments and any other
customer-facing services are on servers hosted in a proper datacenter,
never coming close to the office LAN, so our actual risk is basically the
same as that of a home user. The boss using his laptop on public WiFi
worries me a lot more than someone gaining access to our network.
If you take payments on-premise and transmit them over the network, it's
obviously another story entirely.
More information about the NANOG