Or why flashing lights don't always prove things are working
Just spend an inordinate amount of time today trying to get a fairly simply device working.
A wireless AP from 3Com, which is also now out of production, it takes wireless packets and drops them onto your LAN. Or so I believed.
Now with corporate data sensitivity the way it is, I would not want someone being either able to sniff or abuse our network. So I took the usual security precautions.
Choosing the strongest level of encryption and authentication I could, that was compatible with the wireless cards we use and the aforementioned AP.
However, it seems that one, the other or both seem to have taken different interpretations of the standards. It wasted some of my colleagues time, and alot of mine.
I got to the point were I almost believed the thing was broken (it was handed over from a director who had dubious use from it).
I could connect to the wireless network, but be damned if I could pass traffic. Now the better among you will spot my error, something I should have thought of alot earlier.
This was all until I decided to take off all encryption and authentication and provided full open access.
Now before you security guru's start screaming, I had taken a number of precautions. First of all segmenting it off from the main network, even onto it's own iNet feed.
I now could prove that despite the choices, the encryption was not working.
I then spent a further deal of time trying to find out which combinations actually worked. Despite the advanced nature of both, we've ended up back with no better than a shared key and 128bit WEP.
It'll keep the script kiddies out, but it's looking somewhat less secure than I intended.
So beware of vendors bearing certificates of conformity.
ttfn
No comments:
Post a Comment