Re: Who is connected to network

Currently we have coded something in house that scrubs all the connectivity devices for the MAC addresses and will email us when an unauthorized device shows up on the network (all Cisco gear). There is work in progress to expand this to automatically clip the port and fire off a series of emails and other actions. Additionally, all of the ports on the switches are configured to allow only one device into a port, so it would be very difficult to drop a hub in place and start sniffing. There are also a few other tricks in place to prevent man-in-the-middle attacks and a few other exploits.

As far as the wireless stuff goes, it would be amazingly difficult but not impossible to get it right. Our APs will not allow authentication without the client MAC being pounded into our ACS servers. (MAC spoofing isn't all that hard, but) Also the APs don't broadcast the SSIDs (fairly easy to get around). In the case that someone gets the first two right, they need to then figure out the name of the VPN servers. We do not allow any type of access from the APs without a VPN session established. Then they need to get the VPN settings right and also need to have a user account compromised that had VPN access. Not impossible, but quite difficult for someone to do without making any "noise" that we would be alerted on. At that point the access lists on the APs keep you from really touching any of the gear that would hurt us.

All that being said, there are millions of exploits out there and lots of tools, but we feel that we have a fairly good system in place to deter all but the very skilled and very determined person out there.

Hope that provides a bit of info you were looking for. Feel free to ask any ?'s if you have any.

Mike Balasko
Network Specialist II
City of Henderson

it clown wrote:

Is there a way to see who is connected to your network?

Say if you have a wireless network and you need to know if
someone got it right to get onto your network.

How do you monitor that and how do you prevent it?

Even on a normal network how could you monitor who is
connected to your network?

Regards
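
The MAC-table check described in the reply above, as an added example (not part of the original post, and not the poster's in-house tool): it parses Cisco IOS `show mac address-table` output, flags MACs missing from an inventory, and flags access ports that have learned more than one MAC, which mirrors the one-device-per-port policy. The sample table, the `AUTHORIZED` inventory and the `UPLINKS` set are constructed and hypothetical; collecting the output from the switches and sending the email are left out.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco IOS "show mac address-table" output (not real data).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/2
  10    0011.2233.4466    DYNAMIC     Gi1/0/3
  10    dead.beef.0001    DYNAMIC     Gi1/0/3
  20    0011.2233.4477    DYNAMIC     Gi1/0/24
  20    0c0c.0c0c.0c0c    DYNAMIC     Gi1/0/24
"""

# Hypothetical inventory of authorized devices, in any common MAC notation.
AUTHORIZED = {"00:11:22:33:44:55", "00-11-22-33-44-66", "0011.2233.4477"}
UPLINKS = {"Gi1/0/24"}  # assumed uplink: legitimately carries many MACs

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_mac_table(text):
    """Yield (vlan, mac, port) per table row; header and rule lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), normalize_mac(m.group(2)), m.group(3)

def audit(text, authorized, uplinks=()):
    """Return (unknown (port, mac) pairs, access ports with more than one MAC)."""
    allowed = {normalize_mac(m) for m in authorized}
    by_port = defaultdict(set)
    for _vlan, mac, port in parse_mac_table(text):
        if port not in uplinks:          # uplinks are excluded from both checks
            by_port[port].add(mac)
    unknown = sorted((port, mac) for port, macs in by_port.items()
                     for mac in macs if mac not in allowed)
    crowded = sorted(port for port, macs in by_port.items() if len(macs) > 1)
    return unknown, crowded

if __name__ == "__main__":
    print(audit(SAMPLE, AUTHORIZED, UPLINKS))
```

A MAC allowlist only catches devices that do not bother to spoof, as the reply itself notes, so the multiple-MACs-per-port finding is the more useful of the two signals.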